In this episode we discuss Defending Against Patch-based Backdoor Attacks on Self-Supervised Learning
by Authors:
- Ajinkya Tejankar
- Maziar Sanjabi
- Qifan Wang
- Sinong Wang
- Hamed Firooz
- Hamed Pirsiavash
- Liang Tan
Affiliations:
- University of California, Davis (Ajinkya Tejankar, Hamed Pirsiavash)
- Meta AI (Maziar Sanjabi, Qifan Wang, Sinong Wang, Hamed Firooz, Liang Tan). The paper discusses a vulnerability of self-supervised learning to backdoor attacks through patch-based data poisoning. To defend against such attacks, the paper proposes a three-step defense pipeline involving training a model on the poisoned data, using a defense algorithm called PatchSearch to remove poisoned samples from the training set, and finally training a model on the cleaned-up training set. The results show that PatchSearch is an effective defense, outperforming baselines and state-of-the-art defense approaches. The code is available online.
view more