Backdooring Outlier Detection Methods: A Novel Attack Approach
Categories: cs.LG, cs.AI, cs.CR, cs.CV
Released Date: December 6, 2024
Authors: ZeinabSadat Taghavi (1), Hossein Mirzaei (2)
Aff.: (1) Ludwig-Maximilians-Universität München (LMU); (2) École Polytechnique Fédérale de Lausanne (EPFL)
Values are Benign-AUC / Poison-AUC. The columns NAD through RNP are defenses.

| In-Dataset | Out-Dataset | Attacks | No Defense | NAD | ABL | ANP | SAU | I-BAU | NPD | RNP |
|---|---|---|---|---|---|---|---|---|---|---|
| CIFAR10 | | BadNets | 81.6/60.3 | 88.7/67.6 | 81.2/59.1 | 84.3/64.1 | 89.7/68.8 | 80.2/58.1 | 83.2/77.6 | 85.2/65.0 |
| | | Blended | 85.1/53.2 | 82.2/53.2 | 85.2/57.5 | 86.6/51.0 | 86.0/61.0 | 87.4/54.1 | 80.1/75.7 | 85.2/55.0 |
| | | SIG | 88.9/50.4 | 89.9/64.8 | 82.8/45.3 | 87.7/55.8 | 83.3/58.0 | 86.4/82.1 | 84.6/59.8 | 81.0/43.1 |
| | | Wanet | 80.8/64.8 | 82.6/65.1 | 81.9/75.4 | 85.6/66.5 | 79.2/57.0 | 78.9/58.1 | 78.2/57.2 | 73.9/47.6 |
| | | SSBA | 83.9/55.1 | 91.6/60.3 | 80.2/52.6 | 86.4/58.0 | 90.3/60.0 | 87.8/56.3 | 88.9/84.1 | 83.0/57.6 |
| | | Input-Aware | 79.7/68.4 | 73.1/51.6 | 73.4/56.5 | 80.3/66.9 | 81.3/51.8 | 89.4/56.0 | 78.2/75.5 | 81.0/62.2 |
| | | Narcissus | 89.1/48.3 | 83.2/59.4 | 82.1/58.0 | 79.2/47.2 | 85.3/54.5 | 91.1/90.5 | 88.5/50.2 | 87.7/54.1 |
| | | LIRA | 82.9/56.4 | 81.6/79.1 | 78.9/56.6 | 70.2/47.2 | 88.3/55.4 | 79.9/56.1 | 78.6/57.2 | 79.0/54.6 |
| | | BppAttack | 90.1/46.8 | 90.3/59.1 | 83.4/67.1 | 83.0/57.2 | 91.5/64.5 | 90.3/59.9 | 87.7/82.1 | 84.2/58.1 |
| | | BATOD (Ours) | 90.3/7.3 | 86.6/8.0 | 80.2/6.1 | 88.6/7.2 | 82.0/13.6 | 88.4/15.8 | 85.0/10.1 | 86.4/12.7 |
| CIFAR100 | | BadNets | 79.2/59.6 | 88.7/67.6 | 81.2/59.1 | 84.3/64.1 | 89.7/68.8 | 89.2/58.1 | 83.2/77.6 | 85.2/55.0 |
| | | Blended | 85.8/50.1 | 82.2/53.2 | 85.2/54.5 | 86.6/57.0 | 86.0/51.0 | 87.4/53.1 | 80.1/75.7 | 85.2/65.0 |
| | | SIG | 87.9/44.4 | 80.9/54.8 | 82.8/55.3 | 87.7/45.8 | 83.3/58.0 | 82.4/76.1 | 84.6/59.8 | 81.0/53.1 |
| | | Wanet | 77.8/61.8 | 72.6/55.1 | 75.9/69.4 | 75.6/56.5 | 79.2/57.0 | 78.9/57.1 | 78.2/57.2 | 73.9/47.6 |
| | | SSBA | 82.9/53.1 | 81.6/50.3 | 80.2/54.6 | 86.4/68.0 | 80.3/60.0 | 87.8/54.3 | 85.9/76.1 | 83.0/57.6 |
| | | Input-Aware | 75.7/67.4 | 73.1/51.6 | 78.4/55.5 | 70.3/56.9 | 74.7/51.8 | 79.4/56.0 | 78.2/74.5 | 71.0/42.2 |
| | | Narcissus | 89.1/43.3 | 83.2/59.4 | 82.1/68.0 | 79.2/57.2 | 85.3/64.5 | 91.1/90.5 | 88.5/60.2 | 87.7/54.1 |
| | | LIRA | 80.9/55.4 | 81.6/80.1 | 78.9/56.6 | 80.2/57.2 | 78.3/55.4 | 79.9/56.1 | 78.6/57.2 | 79.0/44.6 |
| | | BppAttack | 90.0/36.8 | 90.3/59.1 | 83.4/67.1 | 83.0/57.2 | 91.5/64.5 | 90.3/59.9 | 87.7/77.2 | 84.2/68.1 |
| | | BATOD (Ours) | 90.5/9.3 | 86.6/9.0 | 80.2/6.7 | 88.3/7.9 | 82.0/14.5 | 88.4/16.3 | 85.0/11.2 | 86.4/13.9 |