Summary of Ban: Detecting Backdoors Activated by Adversarial Neuron Noise, By Xiaoyun Xu et al.
BAN: Detecting Backdoors Activated by Adversarial Neuron Noise
by Xiaoyun Xu, Zhuoran Liu, Stefanos Koffas, Shujian Yu, Stjepan Picek
First submitted to arxiv on: 30 May 2024
Categories
- Main: Machine Learning (cs.LG)
- Secondary: Cryptography and Security (cs.CR)
GrooveSquid.com Paper Summaries
GrooveSquid.com’s goal is to make artificial intelligence research accessible by summarizing AI papers in simpler terms. Each summary below covers the same AI paper, written at different levels of difficulty. The medium difficulty and low difficulty versions are original summaries written by GrooveSquid.com, while the high difficulty version is the paper’s original abstract. Feel free to learn from the version that suits you best!
| Summary difficulty | Written by | Summary |
|---|---|---|
| High | Paper authors | High Difficulty Summary Read the original abstract here |
| Medium | GrooveSquid.com (original content) | Medium Difficulty Summary This paper improves upon state-of-the-art backdoor defenses by incorporating extra neuron activation information to enhance the detection of backdoored models. The proposed defense, called BAN, is more efficient than BTI-DBF, with a 1.37and 5.11improvement on CIFAR-10 and ImageNet200 respectively, while achieving an average 9.99% higher detect success rate. BAN works by increasing the loss of backdoored models with respect to weights to activate the backdoor effect, allowing for easy differentiation between backdoored and clean models. The defense is model-agnostic and applicable to practical threat scenarios. |
| Low | GrooveSquid.com (original content) | Low Difficulty Summary This paper helps keep deep learning models safe from bad attacks called “backdoors.” It creates a new way to find these backdoors that’s faster and better than the current methods. This new method, called BAN, can detect backdoors more accurately and quickly than before. The researchers hope that this will help protect people’s data and make sure that deep learning models are trustworthy. |
Keywords
* Artificial intelligence * Deep learning
