Data-Free Backdoor Removal Based on Channel Lipschitzness

AbstractRecent studies have shown that Deep Neural Networks (DNNs) are vulnerable to the backdoor attacks, which leads malicious behaviors of DNNs when specific triggers attached input images. It was further demonstrated infected possess a collection channels, more sensitive compared with normal channels. Pruning these channels then be effective in mitigating behaviors. To locate those it is natural consider their Lipschitzness, measures sensitivity against worst-case perturbations on inputs. In this work, we introduce novel concept called Channel Lipschitz Constant (CLC), defined as constant mapping from images output each channel. Then provide empirical evidences show strong correlation between an Upper bound CLC (UCLC) and trigger-activated change channel activation. Since UCLC can directly calculated weight matrices, detect potential data-free manner, do simple pruning DNN repair model. The proposed Lipschitzness based (CLP) method super fast, simple, robust choice threshold. Extensive experiments conducted evaluate efficiency effectiveness CLP, achieves state-of-the-art results among mainstream defense methods even without any data. Source codes available at https://github.com/rkteddy/channel-Lipschitzness-based-pruning.KeywordsDeep neural networkBackdoor defenseLipschitz constantModel