{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,28]],"date-time":"2025-03-28T05:24:20Z","timestamp":1743139460582,"version":"3.40.3"},"publisher-location":"Singapore","reference-count":29,"publisher":"Springer Nature Singapore","isbn-type":[{"type":"print","value":"9789819754977"},{"type":"electronic","value":"9789819754984"}],"license":[{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024]]},"DOI":"10.1007\/978-981-97-5498-4_26","type":"book-chapter","created":{"date-parts":[[2024,7,26]],"date-time":"2024-07-26T03:48:02Z","timestamp":1721965682000},"page":"336-348","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Knowledge-Driven Backdoor Removal in\u00a0Deep Neural Networks via\u00a0Reinforcement Learning"],"prefix":"10.1007","author":[{"ORCID":"https:\/\/orcid.org\/0009-0000-0853-8452","authenticated-orcid":false,"given":"Jiayin","family":"Song","sequence":"first","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6693-0935","authenticated-orcid":false,"given":"Yike","family":"Li","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0015-7780","authenticated-orcid":false,"given":"Yunzhe","family":"Tian","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4912-1407","authenticated-orcid":false,"given":"Xingyu","family":"Wu","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0009-0007-9812-4552","authenticated-orcid":false,"given":"Qiong","family":"Li","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0348-2108","authenticated-orcid":false,"given":"Endong","family":"Tong","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4706-4266","authenticated-orcid":false,"given":"Wenjia","family":"Niu","sequence":"additional","affiliation":[]},{"given":"Zhenguo","family":"Zhang","sequence":"additional","affiliation":[]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1147-4327","authenticated-orcid":false,"given":"Jiqiang","family":"Liu","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2024,7,27]]},"reference":[{"key":"26_CR1","unstructured":"Chen, X., Liu, C., Li, B., Lu, K., Song, D.: Targeted backdoor attacks on deep learning systems using data poisoning. arXiv preprint arXiv:1712.05526 (2017)"},{"key":"26_CR2","unstructured":"DeVries, T., Taylor, G.W.: Improved regularization of convolutional neural networks with cutout. arXiv preprint arXiv:1708.04552 (2017)"},{"key":"26_CR3","unstructured":"Du, M., Jia, R., Song, D.: ROBUST anomaly detection and backdoor attack detection via differential privacy. arXiv preprint arXiv:1911.07116 (2019)"},{"key":"26_CR4","unstructured":"Gong, C., Ren, T., Ye, M., Liu, Q.: MaxUp: a simple way to improve generalization of neural network training. arXiv preprint arXiv:2002.09024 (2020)"},{"key":"26_CR5","doi-asserted-by":"publisher","first-page":"47230","DOI":"10.1109\/ACCESS.2019.2909068","volume":"7","author":"T Gu","year":"2019","unstructured":"Gu, T., Liu, K., Dolan-Gavitt, B., Garg, S.: BadNets: evaluating backdooring attacks on deep neural networks. IEEE Access 7, 47230\u201347244 (2019)","journal-title":"IEEE Access"},{"key":"26_CR6","unstructured":"Hayase, J., Kong, W., Somani, R., Oh, S.: SPECTRE: defending against backdoor attacks using robust statistics. In: International Conference on Machine Learning. pp, 4129\u20134139. PMLR (2021)"},{"key":"26_CR7","first-page":"14900","volume":"34","author":"Y Li","year":"2021","unstructured":"Li, Y., Lyu, X., Koren, N., Lyu, L., Li, B., Ma, X.: Anti-backdoor learning: training clean models on poisoned data. Adv. Neural. Inf. Process. Syst. 34, 14900\u201314912 (2021)","journal-title":"Adv. Neural. Inf. Process. Syst."},{"key":"26_CR8","unstructured":"Li, Y., Lyu, X., Koren, N., Lyu, L., Li, B., Ma, X.: Neural attention distillation: erasing backdoor triggers from deep neural networks. arXiv preprint arXiv:2101.05930 (2021)"},{"key":"26_CR9","doi-asserted-by":"crossref","unstructured":"Li, Y., Jiang, Y., Li, Z., Xia, S.T.: Backdoor learning: a survey. IEEE Trans. Neural Netw. Learn. Syst. 35(1) (2022)","DOI":"10.1109\/TNNLS.2022.3182979"},{"key":"26_CR10","unstructured":"Li, Y., Zhai, T., Jiang, Y., Li, Z., Xia, S.T.: Backdoor attack in the physical world. arXiv preprint arXiv:2104.02361 (2021)"},{"key":"26_CR11","doi-asserted-by":"crossref","unstructured":"Li, Y., Hua, J., Wang, H., Chen, C., Liu, Y.: DeepPayload: black-box backdoor attack on deep learning models through neural payload injection. In: 2021 IEEE\/ACM 43rd International Conference on Software Engineering (ICSE), pp. 263\u2013274. IEEE (2021)","DOI":"10.1109\/ICSE43902.2021.00035"},{"key":"26_CR12","doi-asserted-by":"crossref","unstructured":"Li, Y., Li, Y., Wu, B., Li, L., He, R., Lyu, S.: Invisible backdoor attack with sample-specific triggers. In: Proceedings of the IEEE\/CVF International Conference on Computer Vision, pp. 16463\u201316472 (2021)","DOI":"10.1109\/ICCV48922.2021.01615"},{"issue":"8","key":"26_CR13","doi-asserted-by":"publisher","first-page":"6469","DOI":"10.1109\/JIOT.2020.3043716","volume":"8","author":"L Liu","year":"2020","unstructured":"Liu, L., et al.: Computing systems for autonomous driving: state of the art and challenges. IEEE Internet Things J. 8(8), 6469\u20136486 (2020)","journal-title":"IEEE Internet Things J."},{"key":"26_CR14","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"182","DOI":"10.1007\/978-3-030-58607-2_11","volume-title":"Computer Vision \u2013 ECCV 2020","author":"Y Liu","year":"2020","unstructured":"Liu, Y., Ma, X., Bailey, J., Lu, F.: Reflection backdoor: a natural backdoor attack on deep neural networks. In: Vedaldi, A., Bischof, H., Brox, T., Frahm, J.M. (eds.) ECCV 2020. LNCS, vol. 12355, pp. 182\u2013199. Springer, Cham (2020). https:\/\/doi.org\/10.1007\/978-3-030-58607-2_11"},{"key":"26_CR15","unstructured":"Nguyen, A., Tran, A.: WaNet\u2013imperceptible warping-based backdoor attack. arXiv preprint arXiv:2102.10369 (2021)"},{"key":"26_CR16","first-page":"3454","volume":"33","author":"TA Nguyen","year":"2020","unstructured":"Nguyen, T.A., Tran, A.: Input-aware dynamic backdoor attack. Adv. Neural. Inf. Process. Syst. 33, 3454\u20133464 (2020)","journal-title":"Adv. Neural. Inf. Process. Syst."},{"key":"26_CR17","doi-asserted-by":"crossref","unstructured":"Qi, X., Zhu, J., Xie, C., Yang, Y.: Subnet replacement: deployment-stage backdoor attack against deep neural networks in gray-box setting. arXiv preprint arXiv:2107.07240 (2021)","DOI":"10.1109\/CVPR52688.2022.01299"},{"key":"26_CR18","doi-asserted-by":"crossref","unstructured":"Rakin, A.S., He, Z., Fan, D.: TBT: targeted neural network attack with bit trojan. In: Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition, pp. 13198\u201313207 (2020)","DOI":"10.1109\/CVPR42600.2020.01321"},{"key":"26_CR19","unstructured":"Schulman, J., Wolski, F., Dhariwal, P., Radford, A., Klimov, O.: Proximal policy optimization algorithms. arXiv preprint arXiv:1707.06347 (2017)"},{"key":"26_CR20","doi-asserted-by":"crossref","unstructured":"Tang, R., Du, M., Liu, N., Yang, F., Hu, X.: An embarrassingly simple approach for trojan attack in deep neural networks. In: Proceedings of the 26th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 218\u2013228 (2020)","DOI":"10.1145\/3394486.3403064"},{"key":"26_CR21","unstructured":"Tran, B., Li, J., Madry, A.: Spectral signatures in backdoor attacks. Adv. Neural Inform. Process. Syst. 31 (2018)"},{"key":"26_CR22","unstructured":"Turner, A., Tsipras, D., Madry, A.: Label-consistent backdoor attacks. arXiv preprint arXiv:1912.02771 (2019)"},{"key":"26_CR23","unstructured":"Wang, B., Cao, X., Gong, N.Z., et\u00a0al.: On certifying robustness against backdoor attacks via randomized smoothing. arXiv preprint arXiv:2002.11750 (2020)"},{"key":"26_CR24","doi-asserted-by":"crossref","unstructured":"Wang, B., et al.: Neural cleanse: identifying and mitigating backdoor attacks in neural networks. In: 2019 IEEE SympoDsium on Security and Privacy (SP), pp. 707\u2013723. IEEE (2019)","DOI":"10.1109\/SP.2019.00031"},{"key":"26_CR25","doi-asserted-by":"crossref","unstructured":"Wang, Z., Zhai, J., Ma, S.: BppAttack: stealthy and efficient trojan attacks against deep neural networks via image quantization and contrastive adversarial learning. In: Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition, pp. 15074\u201315084 (2022)","DOI":"10.1109\/CVPR52688.2022.01465"},{"key":"26_CR26","doi-asserted-by":"crossref","unstructured":"Weber, M., Xu, X., Karla\u0161, B., Zhang, C., Li, B.: RAB: provable robustness against backdoor attacks. In: 2023 IEEE Symposium on Security and Privacy (SP), pp. 1311\u20131328. IEEE (2023)","DOI":"10.1109\/SP46215.2023.10179451"},{"key":"26_CR27","first-page":"16913","volume":"34","author":"D Wu","year":"2021","unstructured":"Wu, D., Wang, Y.: Adversarial neuron pruning purifies backdoored deep models. Adv. Neural. Inf. Process. Syst. 34, 16913\u201316925 (2021)","journal-title":"Adv. Neural. Inf. Process. Syst."},{"issue":"3","key":"26_CR28","doi-asserted-by":"publisher","first-page":"1562","DOI":"10.1109\/TDSC.2020.3028448","volume":"19","author":"M Xue","year":"2020","unstructured":"Xue, M., He, C., Wang, J., Liu, W.: One-to-n & n-to-one: two advanced backdoor attacks against deep learning models. IEEE Trans. Dependable Secure Comput. 19(3), 1562\u20131578 (2020)","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"26_CR29","doi-asserted-by":"crossref","unstructured":"Yoshida, K., Fujino, T.: Disabling backdoor and identifying poison data by using knowledge distillation in backdoor attacks on deep neural networks. In: Proceedings of the 13th ACM Workshop on Artificial Intelligence and Security, pp. 117\u2013127 (2020)","DOI":"10.1145\/3411508.3421375"}],"container-title":["Lecture Notes in Computer Science","Knowledge Science, Engineering and Management"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-981-97-5498-4_26","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,7,26]],"date-time":"2024-07-26T04:02:03Z","timestamp":1721966523000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-981-97-5498-4_26"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"ISBN":["9789819754977","9789819754984"],"references-count":29,"URL":"https:\/\/doi.org\/10.1007\/978-981-97-5498-4_26","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2024]]},"assertion":[{"value":"27 July 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"KSEM","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"International Conference on Knowledge Science, Engineering and Management","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Birmingham","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"United Kingdom","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"16 August 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"18 August 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"17","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"ksem2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/ai-edge.net\/index.html","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}