The paper introduces a certified backdoor detector (CBD) for deep neural networks. The CBD is based on a conformal prediction scheme and uses a statistic called local dominant probability. The detector not only provides a detection inference but also gives the conditions under which backdoor attacks are guaranteed to be detectable. The CBD has been tested on four benchmark datasets, where it achieved high detection accuracy, often surpassing state-of-the-art detectors, while also providing detection certification.

 

Publication date: 26 Oct 2023
Project Page: https://arxiv.org/abs/2310.17498v1
Paper: https://arxiv.org/pdf/2310.17498