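@comment{
  Conference chapter (PAKDD 2025, Lecture Notes in Computer Science) on
  detecting poisoned training samples in influence space as a backdoor defence.
  Normalised here: names are in "Last, First" form, the escaped braces around
  one given name are removed, the DOI is stored bare, and the url field holds a
  single URL. The conference site is kept in conference-url, which styles ignore.
}
@inproceedings{16113cfe4b554667a8df7095afd9ed5f,
  author         = {Liu, Buhua and Yang, Shuo and Xu, Zhiqiang and Xiong, Haoyi and Cheung, Yiu Ming and Xie, Zeke},
  title          = {Stronger Separability, Stronger Defense: Influence-Based Backdoor Detection},
  booktitle      = {Advances in Knowledge Discovery and Data Mining},
  editor         = {Wu, Xintao and Spiliopoulou, Myra and Wang, Can and Kumar, Vipin and Cao, Longbing and Wu, Yanqiu and Wu, Zhangkai and Yao, Yu},
  series         = {Lecture Notes in Computer Science},
  edition        = {1},
  pages          = {108--120},
  publisher      = {Springer},
  address        = {Singapore},
  year           = {2025},
  month          = jun,
  day            = {14},
  doi            = {10.1007/978-981-96-8170-9_9},
  isbn           = {9789819681693},
  url            = {https://link.springer.com/book/10.1007/978-981-96-8170-9\#overview},
  conference-url = {https://pakdd2025.org/},
  language       = {English},
  keywords       = {Backdoor attack, Backdoor defense, Influence function},
  abstract       = {Deep Neural Networks (DNNs) are susceptible to backdoor attacks, where an attacker can insert hidden functionality into DNNs by simply manipulating a small amount of training data, without compromising the victim DNN{\textquoteright}s normal functionality. To defend against such attacks, one line of work focuses on detecting suspicious samples before training according to the latent separability assumption that clean and poison samples can be separated in representation space learned by a trained DNN. However, recent strong backdoor attacks can easily break the representation separability, thus existing detection methods become invalid. To this end, we propose to detect poison samples in influence space by tracing data influence on model parameters instead of conventional model outputs. We show that influence separability is significantly stronger than conventional representation separability in terms of four common statistics (e.g., Silhouette Score increases by 122\% on average). With such strong separability in influence space, we can easily obtain stronger backdoor detection and defense by employing existing methods or even simple statistics in influence space. Extensive experiments show that our influence-based methods can significantly outperform conventional representation-based baselines against eight representative backdoor attacks. Particularly, influence space can surprisingly reduce the average attack success rate by 43.4 points (47.2\%$\rightarrow$3.8\%) over three benchmark datasets than representation space.},
  note           = {This work was partially supported by Guangdong Provincial Key Lab of Integrated Communication, Sensing and Computation for Ubiquitous Internet of Things (No. 2023B1212010007), and the Education Bureau of Guangzhou Municipality under General Program No. 2024312043. Publisher Copyright: {\textcopyright} The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2025. 29th Pacific-Asia Conference on Knowledge Discovery and Data Mining, PAKDD 2025; Conference date: 10-06-2025 through 13-06-2025},
}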