Circumventing Backdoor Space via Weight Symmetry
This addresses a critical security concern for AI systems vulnerable to backdoor attacks across various learning paradigms, offering a more flexible defense than existing methods.
The paper tackles the problem of backdoor attacks in deep neural networks by proposing TSC, a defense that operates independently of data format and requires minimal clean samples, achieving robust performance comparable to state-of-the-art methods in supervised learning and generalizing to self-supervised frameworks like SimCLR and CLIP.
Deep neural networks are vulnerable to backdoor attacks, where malicious behaviors are implanted during training. While existing defenses can effectively purify compromised models, they typically require labeled data or specific training procedures, making them difficult to apply beyond supervised learning settings. Notably, recent studies have shown successful backdoor attacks across various learning paradigms, highlighting a critical security concern. To address this gap, we propose Two-stage Symmetry Connectivity (TSC), a novel backdoor purification defense that operates independently of data format and requires only a small fraction of clean samples. Through theoretical analysis, we prove that by leveraging permutation invariance in neural networks and quadratic mode connectivity, TSC amplifies the loss on poisoned samples while maintaining bounded clean accuracy. Experiments demonstrate that TSC achieves robust performance comparable to state-of-the-art methods in supervised learning scenarios. Furthermore, TSC generalizes to self-supervised learning frameworks, such as SimCLR and CLIP, maintaining its strong defense capabilities. Our code is available at https://github.com/JiePeng104/TSC.