Deep neural networks (DNNs) have been found to be vulnerable backdoor attacks, raising security concerns about their deployment in mission-critical applications. While existing defense methods demonstrated promising results, it is still not clear how effectively remove backdoor-associated neurons backdoored DNNs. In this paper, we propose a novel called \emph{Reconstructive Neuron Pruning} (RNP) expose and prune via an unlearning then recovering process. Specifically, RNP first unlearns the by maximizing model's error on small subset of clean samples recovers minimizing same data. RNP, operated at neuron level while filter level, forming asymmetric reconstructive learning procedure. We show that such process only few can implanted wide range achieving new state-of-the-art performance. Moreover, unlearned model intermediate step our directly used improve other tasks including removal, trigger recovery, label detection, sample detection. Code available \url{https://github.com/bboylyg/RNP}.

Load

Load