Don’t FREAK out: a frequency-inspired approach to detecting backdoor poisoned samples in DNNs
In this paper we investigate the frequency sensitivity of Deep Neural Networks (DNNs) when presented with clean samples versus poisoned samples. Our analysis shows significant disparities in frequency sensitivity between these two types of samples. Building on these findings, we propose FREAK, a fre...
Main Authors: | Hammoud, HAAK; Bibi, A; Torr, PHS; Ghanem, B |
---|---|
Format: | Conference item |
Language: | English |
Published: | IEEE 2023 |
_version_ | 1811139464898019328 |
---|---|
author | Hammoud, HAAK; Bibi, A; Torr, PHS; Ghanem, B |
author_facet | Hammoud, HAAK; Bibi, A; Torr, PHS; Ghanem, B |
author_sort | Hammoud, HAAK |
collection | OXFORD |
description | In this paper we investigate the frequency sensitivity of Deep Neural Networks (DNNs) when presented with clean samples versus poisoned samples. Our analysis shows significant disparities in frequency sensitivity between these two types of samples. Building on these findings, we propose FREAK, a frequency-based poisoned sample detection algorithm that is simple yet effective. Our experimental results demonstrate the efficacy of FREAK not only against frequency backdoor attacks but also against some spatial attacks. Our work is just the first step in leveraging these insights. We believe that our analysis and proposed defense mechanism will provide a foundation for future research and development of backdoor defenses. |
first_indexed | 2024-09-25T04:06:31Z |
format | Conference item |
id | oxford-uuid:1ac3310c-e51c-4833-bee6-acba9ed5f359 |
institution | University of Oxford |
language | English |
last_indexed | 2024-09-25T04:06:31Z |
publishDate | 2023 |
publisher | IEEE |
record_format | dspace |
title | Don’t FREAK out: a frequency-inspired approach to detecting backdoor poisoned samples in DNNs |