NBA: defensive distillation for backdoor removal via neural behavior alignment

Abstract Recently, deep neural networks have been shown to be vulnerable backdoor attacks. A is inserted into via this attack paradigm, thus compromising the integrity of network. As soon as an attacker presents a trigger during testing phase, in model activated, allowing network make specific wrong predictions. It extremely important defend against attacks since they are very stealthy and dangerous. In paper, we propose novel defense mechanism, Neural Behavioral Alignment (NBA), for removal. NBA optimizes distillation process terms knowledge form samples improve performance according characteristics defense. builds high-level representations behavior within order facilitate transfer knowledge. Additionally, crafts pseudo induce student models exhibit behavior. By aligning from with benign teacher network, enables proactive removal backdoors. Extensive experiments show that can effectively six different outperform five state-of-the-art defenses.