Defenses
Supported Defenses
The following table lists the supported defenses in BackdoorMBTI:
Defense |
Modality |
Input |
Stage |
Output |
Paper |
|---|---|---|---|---|---|
STRIP |
Audio, Image, and text |
backdoor model, clean dataset |
post-training |
clean dataset |
STRIP: A Defence Against Trojan Attacks on Deep Neural Networks |
AC |
Audio, Image, and text |
backdoor model, clean dataset, poison dataset |
post-training |
clean model, clean dataset |
Detecting Backdoor Attacks on Deep Neural Networks by Activation Clustering |
FT |
Audio, Image, and text |
backdoor model, clean dataset |
in-training |
clean model |
Fine-Pruning: Defending Against Backdooring Attacks on Deep Neural Networks |
FP |
Audio, Image, and text |
backdoor model, clean dataset |
post-training |
clean model |
Fine-Pruning: Defending Against Backdooring Attacks on Deep Neural Networks |
ABL |
Audio, Image, and text |
backdoor model, poison dataset |
in-training |
clean model |
Anti-Backdoor Learning: Training Clean Models on Poisoned Data |
CLP |
Audio, Image, and text |
backdoor model |
post-training |
clean model |
|
NC |
Image |
backdoor model, clean dataset |
post-training |
clean model, trigger pattern |
Neural Cleanse: Identifying and Mitigating Backdoor Attacks in Neural Networks |
MNTD |
Image |
backdoor model |
post-training |
detection result |
|
FreeEagle |
Image |
backdoor model |
post-training |
detection result |
FREEEAGLE: Detecting Complex Neural Trojans in Data-Free Cases |