How to Train a Backdoor-Robust Model on a Poisoned Dataset without Auxiliary Data?
Backdoor
DOI: 10.48550/arxiv.2405.12719
Publication Date: 2024-05-21
AUTHORS (7)
ABSTRACT
Backdoor attacks have attracted wide attention from academia and industry due to their great security threat to deep neural networks (DNN). Most of the existing methods propose to conduct backdoor attacks by poisoning the training dataset with different strategies, so it's critical to identify the poisoned samples and then train a clean model on the unreliable dataset in the context of defending backdoor attacks. Although numerous backdoor countermeasure researches are proposed, their inherent weaknesses render them limited in practical scenarios, such as the requirement of enough clean samples, unstable defense performance under various attack conditions, poor defense performance against adaptive attacks, and so on. Therefore, in this paper, we are committed to overcome the above limitations and propose a more practical backdoor defense method. Concretely, we first explore the inherent relationship between the potential perturbations and the backdoor trigger, and the theoretical analysis and experimental results demonstrate that the poisoned samples perform more robustness to perturbation than the clean ones. Then, based on our key explorations, we introduce AdvrBD, an Adversarial perturbation-based and robust Backdoor Defense framework, which can effectively identify the poisoned samples and train a clean model on the poisoned dataset. Constructively, our AdvrBD eliminates the requirement for any clean samples or knowledge about the poisoned dataset (e.g., poisoning ratio), which significantly improves the practicality in real-world scenarios.