Unlearnable examples (UEs) seek to maximize testing error by making subtle modifications training that are correctly labeled. Defenses against these poisoning attacks can be categorized based on whether specific interventions adopted during training. The first approach is training-time defense, such as adversarial training, which mitigate effects but computationally intensive. other pre-training purification, e.g., image short squeezing, consists of several simple compressions often encounters challenges in dealing with various UEs. Our work provides a novel disentanglement mechanism build an efficient purification method. Firstly, we uncover rate-constrained variational autoencoders (VAEs), demonstrating clear tendency suppress the perturbations We subsequently conduct theoretical analysis for this phenomenon. Building upon insights, introduce disentangle autoencoder (D-VAE), capable disentangling learnable class-wise embeddings. Based network, two-stage naturally developed. stage focuses roughly eliminating perturbations, while second produces refined, poison-free results, ensuring effectiveness and robustness across scenarios. Extensive experiments demonstrate remarkable performance our method CIFAR-10, CIFAR-100, 100-class ImageNet-subset. Code available at https://github.com/yuyi-sd/D-VAE.

Load

Load