PECAN: A Deterministic Certified Defense Against Backdoor Attacks. (arXiv:2301.11824v1 [cs.CR])

Neural networks are vulnerable to backdoor poisoning attacks, where the
attackers maliciously poison the training set and insert triggers into the test
input to change the prediction of the victim model. Existing defenses for
backdoor attacks either provide no formal guarantees or come with
expensive-to-compute and ineffective probabilistic guarantees. We present
PECAN, an efficient and certified approach for defending against backdoor
attacks. The key insight powering PECAN is to apply off-the-shelf test-time
evasion certification techniques on a set of neural …

attackers attacks backdoor backdoor attacks certified change compute defense input insight key networks neural networks poisoning prediction test the key training victim vulnerable