GangSweep: Sweep Out Neural Backdoors by GAN
Document Type
Conference Paper
Publication Date
2020
DOI
10.1145/3394171.3413546
Publication Title
Proceedings of the 28th ACM International Conference on Multimedia
Pages
3173–3181
Conference Name
MM '20: The 28th ACM International Conference on Multimedia
Abstract
This work proposes GangSweep, a new backdoor detection framework that leverages the super reconstructive power of Generative Adversarial Networks (GAN) to detect and ''sweep out'' neural backdoors. It is motivated by a series of intriguing empirical investigations, revealing that the perturbation masks generated by GAN are persistent and exhibit interesting statistical properties with low shifting variance and large shifting distance in feature space. Compared with the previous solutions, the proposed approach eliminates the reliance on the access to training data, and shows a high degree of robustness and efficiency for detecting and mitigating a wide range of backdoored models with various settings. Moreover, this is the first work that successfully leverages generative networks to defend against advanced neural backdoors with multiple triggers and their polymorphic forms.
Original Publication Citation
Zhu, L., Ning, R., Wang, C., Xin, C., & Wu, H. (2020). GangSweep: Sweep out neural backdoors by GAN. Proceedings of the 28th ACM International Conference on Multimedia, Seattle, Washington, USA. https://doi.org/10.1145/3394171.3413546.
Repository Citation
Zhu, L., Ning, R., Wang, C., Xin, C., & Wu, H. (2020). GangSweep: Sweep out neural backdoors by GAN. Proceedings of the 28th ACM International Conference on Multimedia, Seattle, Washington, USA. https://doi.org/10.1145/3394171.3413546.
Comments
© Association for Computing Machinery
Open Access in ACM Digital Library.