notesum.ai

Published at November 29

FLARE: Towards Universal Dataset Purification against Backdoor Attacks

cs.CR

cs.AI

cs.CV

cs.LG

Released Date: November 29, 2024

Authors: Linshan Hou¹, Wei Luo¹, Zhongyun Hua¹, Songhua Chen¹, Leo Yu Zhang¹, Yiming Li¹

Aff.: ¹Not provided

Arxiv: http://arxiv.org/pdf/2411.19479v1

Refer to caption

Attack Mode $\downarrow$	Defenses $\rightarrow$	AC		SCALE-UP		MSPC		IBD-PSC		CT		FLARE
Attack Mode $\downarrow$	Attacks $\downarrow$	TPR	FPR	TPR	FPR	TPR	FPR	TPR	FPR	TPR	FPR	TPR	FPR
—	No Poison	—	0.49	—	4.62	—	0.61	—	0.05	—	18.65	—	2.89
A2O	BadNets	0.00	0.15	94.61	27.67	98.02	40.80	98.01	0.75	100.00	0.65	100.00	0.00
	Blend	46.50	0.00	91.68	4.94	95.94	0.59	99.99	6.61	94.09	13.96	99.97	0.00
	Trojan	0.00	0.01	82.83	5.89	100.00	0.65	82.70	1.75	100.00	11.57	100.00	0.01
	WaNet	62.18	0.00	0.00	5.25	0.03	0.45	96.62	0.21	79.42	3.37	93.68	0.00
A2A	BadNets	0.04	0.46	2.58	3.81	0.49	0.62	0.15	0.05	0.71	10.23	100.00	0.00
	Blend	0.00	0.50	0.25	3.26	0.20	0.10	0.03	0.26	0.00	1.20	99.57	0.00
	Trojan	0.00	0.49	1.39	3.85	0.40	0.42	0.06	0.29	0.00	1.20	99.99	0.01
UT	BadNets	0.45	0.35	3.94	4.47	0.61	0.63	0.00	0.00	0.58	27.54	100.00	0.00
	Blend	0.54	0.00	1.70	2.74	0.00	0.40	0.00	0.21	0.04	0.30	100.00	0.01
	Trojan	9.36	0.00	3.90	4.60	0.20	0.10	0.00	0.18	0.00	1.00	100.00	0.00