{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T05:04:47Z","timestamp":1750309487527,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":67,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,10,28]],"date-time":"2024-10-28T00:00:00Z","timestamp":1730073600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"111 Center","award":["B16037"],"award-info":[{"award-number":["B16037"]}]},{"name":"China National Science Foundation","award":["62072356"],"award-info":[{"award-number":["62072356"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,10,28]]},"DOI":"10.1145\/3664647.3680968","type":"proceedings-article","created":{"date-parts":[[2024,10,26]],"date-time":"2024-10-26T06:59:41Z","timestamp":1729925981000},"page":"9077-9086","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["Learning from Distinction: Mitigating Backdoors Using a Low-Capacity Model"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0006-3995-5156","authenticated-orcid":false,"given":"Haosen","family":"Sun","sequence":"first","affiliation":[{"name":"School of Cyber Engineering, Xidian University, Xi'an, Shaanxi, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0007-6782-1339","authenticated-orcid":false,"given":"Yiming","family":"Li","sequence":"additional","affiliation":[{"name":"School of Cyber Engineering, Xidian University, Xi'an, Shaanxi, 
China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2879-241X","authenticated-orcid":false,"given":"Xixiang","family":"Lyu","sequence":"additional","affiliation":[{"name":"School of Cyber Engineering, Xidian University, Xi'an, Shaanxi, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5217-3910","authenticated-orcid":false,"given":"Jing","family":"Ma","sequence":"additional","affiliation":[{"name":"School of Cyber Engineering, Xidian University, Xi'an, Shaanxi, China"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2024,10,28]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICIP.2019.8802997"},{"key":"e_1_3_2_1_2_1","volume-title":"Workshop on Artificial Intelligence Safety. CEUR-WSceurws@ sunsite. informatik. rwth-aachen. de.","author":"Chen Bryant","year":"2019","unstructured":"Bryant Chen, Wilka Carvalho, Nathalie Baracaldo, Heiko Ludwig, Benjamin Edwards, Taesung Lee, Ian Molloy, and Biplav Srivastava. 2019. Detecting backdoor attacks on deep neural networks by activation clustering. In Workshop on Artificial Intelligence Safety. CEUR-WSceurws@ sunsite. informatik. rwth-aachen. de."},{"key":"e_1_3_2_1_3_1","volume-title":"DeepInspect: A Black-box Trojan Detection and Mitigation Framework for Deep Neural Networks. In International Joint Conference on Artificial Intelligence (IJCAI).","author":"Chen Huili","year":"2019","unstructured":"Huili Chen, Cheng Fu, Jishen Zhao, and Farinaz Koushanfar. 2019. DeepInspect: A Black-box Trojan Detection and Mitigation Framework for Deep Neural Networks. 
In International Joint Conference on Artificial Intelligence (IJCAI)."},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICCV48922.2021.00762"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR52688.2022.00068"},{"key":"e_1_3_2_1_6_1","volume-title":"Targeted backdoor attacks on deep learning systems using data poisoning. arXiv preprint arXiv:1712.05526","author":"Chen Xinyun","year":"2017","unstructured":"Xinyun Chen, Chang Liu, Bo Li, Kimberly Lu, and Dawn Song. 2017. Targeted backdoor attacks on deep learning systems using data poisoning. arXiv preprint arXiv:1712.05526 (2017)."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2009.5206848"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICCV48922.2021.01617"},{"key":"e_1_3_2_1_9_1","volume-title":"Robust anomaly detection and backdoor attack detection via differential privacy. arXiv preprint arXiv:1911.07116","author":"Du Min","year":"2019","unstructured":"Min Du, Ruoxi Jia, and Dawn Song. 2019. Robust anomaly detection and backdoor attack detection via differential privacy. arXiv preprint arXiv:1911.07116 (2019)."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1109\/IJCB48548.2020.9304875"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR52729.2023.00390"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/3359789.3359790"},{"key":"e_1_3_2_1_13_1","volume-title":"Dataset security for machine learning: Data poisoning, backdoor attacks, and defenses","author":"Goldblum Micah","year":"2022","unstructured":"Micah Goldblum, Dimitris Tsipras, Chulin Xie, Xinyun Chen, Avi Schwarzschild, Dawn Song, Aleksander Madry, Bo Li, and Tom Goldstein. 2022. Dataset security for machine learning: Data poisoning, backdoor attacks, and defenses. 
IEEE Transactions on Pattern Analysis and Machine Intelligence (2022)."},{"key":"e_1_3_2_1_14_1","volume-title":"Badnets: Identifying vulnerabilities in the machine learning model supply chain. arXiv preprint arXiv:1708.06733","author":"Gu Tianyu","year":"2017","unstructured":"Tianyu Gu, Brendan Dolan-Gavitt, and Siddharth Garg. 2017. Badnets: Identifying vulnerabilities in the machine learning model supply chain. arXiv preprint arXiv:1708.06733 (2017)."},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR52688.2022.01300"},{"key":"e_1_3_2_1_16_1","volume-title":"International Conference on Machine Learning. PMLR, 4129--4139","author":"Hayase Jonathan","year":"2021","unstructured":"Jonathan Hayase, Weihao Kong, Raghav Somani, and Sewoong Oh. 2021. Defense against backdoor attacks via robust covariance estimation. In International Conference on Machine Learning. PMLR, 4129--4139."},{"key":"e_1_3_2_1_17_1","volume-title":"International Conference on Machine Learning. PMLR, 4129--4139","author":"Hayase Jonathan","year":"2021","unstructured":"Jonathan Hayase, Weihao Kong, Raghav Somani, and Sewoong Oh. 2021. Spectre: Defending against backdoor attacks using robust statistics. In International Conference on Machine Learning. PMLR, 4129--4139."},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2016.90"},{"key":"e_1_3_2_1_19_1","volume-title":"Backdoor defense via decoupling the training process. arXiv preprint arXiv:2202.03423","author":"Huang Kunzhe","year":"2022","unstructured":"Kunzhe Huang, Yiming Li, Baoyuan Wu, Zhan Qin, and Kui Ren. 2022. Backdoor defense via decoupling the training process. arXiv preprint arXiv:2202.03423 (2022)."},{"key":"e_1_3_2_1_20_1","volume-title":"Neuroninspect: Detecting backdoors in neural networks via output explanations. arXiv preprint arXiv:1911.07399","author":"Huang Xijie","year":"2019","unstructured":"Xijie Huang, Moustafa Alzantot, and Mani Srivastava. 2019. 
Neuroninspect: Detecting backdoors in neural networks via output explanations. arXiv preprint arXiv:1911.07399 (2019)."},{"key":"e_1_3_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICCCNT45670.2019.8944469"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/3400302.3415671"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1609\/aaai.v35i9.16971"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"crossref","unstructured":"Fu Jiansheng et al. 2014. Vision-based real-time traffic accident detection. In Proceeding of the 11th world congress on intelligent control and automation. IEEE 1035--1038.","DOI":"10.1109\/WCICA.2014.7052859"},{"key":"e_1_3_2_1_25_1","volume-title":"A unified framework for analyzing and detecting malicious examples of dnn models. arXiv preprint arXiv:2006.14871","author":"Jin Kaidi","year":"2020","unstructured":"Kaidi Jin, Tianwei Zhang, Chao Shen, Yufei Chen, Ming Fan, Chenhao Lin, and Ting Liu. 2020. A unified framework for analyzing and detecting malicious examples of dnn models. arXiv preprint arXiv:2006.14871, Vol. 8, 9 (2020)."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR42600.2020.00038"},{"volume-title":"Learning Multiple Layers of Features from Tiny Images. Master's thesis","author":"Krizhevsky A","key":"e_1_3_2_1_27_1","unstructured":"A Krizhevsky. 2009. Learning Multiple Layers of Features from Tiny Images. Master's thesis, University of Toronto (2009)."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/5.726791"},{"key":"e_1_3_2_1_29_1","volume-title":"International Conference on Learning Representations (ICLR).","author":"Levine A","year":"2021","unstructured":"A Levine and S Feizi. 2021. Deep Partition Aggregation: Provable Defense against General Poisoning Attacks. 
In International Conference on Learning Representations (ICLR)."},{"key":"e_1_3_2_1_30_1","first-page":"2088","article-title":"Invisible backdoor attacks on deep neural networks via steganography and regularization","volume":"18","author":"Li Shaofeng","year":"2020","unstructured":"Shaofeng Li, Minhui Xue, Benjamin Zi Hao Zhao, Haojin Zhu, and Xinpeng Zhang. 2020. Invisible backdoor attacks on deep neural networks via steganography and regularization. IEEE Transactions on Dependable and Secure Computing, Vol. 18, 5 (2020), 2088--2105.","journal-title":"IEEE Transactions on Dependable and Secure Computing"},{"key":"e_1_3_2_1_31_1","volume-title":"Backdoor learning: A survey","author":"Li Yiming","year":"2022","unstructured":"Yiming Li, Yong Jiang, Zhifeng Li, and Shu-Tao Xia. 2022. Backdoor learning: A survey. IEEE Transactions on Neural Networks and Learning Systems (2022)."},{"key":"e_1_3_2_1_32_1","volume-title":"International Conference on Learning Representations.","author":"Li Yige","year":"2020","unstructured":"Yige Li, Xixiang Lyu, Nodens Koren, Lingjuan Lyu, Bo Li, and Xingjun Ma. 2020. Neural Attention Distillation: Erasing Backdoor Triggers from Deep Neural Networks. In International Conference on Learning Representations."},{"key":"e_1_3_2_1_33_1","first-page":"14900","article-title":"Anti-backdoor learning: Training clean models on poisoned data","volume":"34","author":"Li Yige","year":"2021","unstructured":"Yige Li, Xixiang Lyu, Nodens Koren, Lingjuan Lyu, Bo Li, and Xingjun Ma. 2021. Anti-backdoor learning: Training clean models on poisoned data. Advances in Neural Information Processing Systems, Vol. 34 (2021), 14900--14912.","journal-title":"Advances in Neural Information Processing Systems"},{"key":"e_1_3_2_1_34_1","volume-title":"Reconstructive Neuron Pruning for Backdoor Defense. 
In International Conference on Machine Learning.","author":"Li Yige","year":"2023","unstructured":"Yige Li, Xixiang Lyu, Xingjun Ma, Nodens Koren, Lingjuan Lyu, Bo Li, and Yu-Gang Jiang. 2023. Reconstructive Neuron Pruning for Backdoor Defense. In International Conference on Machine Learning."},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-00470-5_13"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363216"},{"key":"e_1_3_2_1_37_1","unstructured":"Yingqi Liu Shiqing Ma Yousra Aafer Wen-Chuan Lee Juan Zhai Weihang Wang and Xiangyu Zhang. 2017. Trojaning attack on neural networks. (2017)."},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-58607-2_11"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR.2017.17"},{"key":"e_1_3_2_1_40_1","volume-title":"Wanet--imperceptible warping-based backdoor attack. arXiv preprint arXiv:2102.10369","author":"Nguyen Anh","year":"2021","unstructured":"Anh Nguyen and Anh Tran. 2021. Wanet--imperceptible warping-based backdoor attack. arXiv preprint arXiv:2102.10369 (2021)."},{"key":"e_1_3_2_1_41_1","first-page":"3454","article-title":"Input-aware dynamic backdoor attack","volume":"33","author":"Nguyen Tuan Anh","year":"2020","unstructured":"Tuan Anh Nguyen and Anh Tran. 2020. Input-aware dynamic backdoor attack. Advances in Neural Information Processing Systems, Vol. 33 (2020), 3454--3464.","journal-title":"Advances in Neural Information Processing Systems"},{"key":"e_1_3_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR42600.2020.01321"},{"key":"e_1_3_2_1_43_1","volume-title":"A constructive prediction of the generalization error across scales. arXiv preprint arXiv:1909.12673","author":"Rosenfeld Jonathan S","year":"2019","unstructured":"Jonathan S Rosenfeld, Amir Rosenfeld, Yonatan Belinkov, and Nir Shavit. 2019. A constructive prediction of the generalization error across scales. 
arXiv preprint arXiv:1909.12673 (2019)."},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"crossref","unstructured":"Olga Russakovsky Jia Deng Hao Su Jonathan Krause Sanjeev Satheesh Sean Ma Zhiheng Huang Andrej Karpathy Aditya Khosla Michael Bernstein et al. 2015. Imagenet large scale visual recognition challenge. International journal of computer vision Vol. 115 3 (2015) 211--252.","DOI":"10.1007\/s11263-015-0816-y"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"crossref","unstructured":"Mark Sandler Andrew Howard Menglong Zhu Andrey Zhmoginov and Liang-Chieh Chen. 2018. MobileNetV2: Inverted Residuals and Linear Bottlenecks. 4510--4520.","DOI":"10.1109\/CVPR.2018.00474"},{"key":"e_1_3_2_1_46_1","volume-title":"International Conference on Machine Learning. PMLR, 9525--9536","author":"Shen Guangyu","year":"2021","unstructured":"Guangyu Shen, Yingqi Liu, Guanhong Tao, Shengwei An, Qiuling Xu, Siyuan Cheng, Shiqing Ma, and Xiangyu Zhang. 2021. Backdoor scanning for deep neural networks through k-arm optimization. In International Conference on Machine Learning. PMLR, 9525--9536."},{"key":"e_1_3_2_1_47_1","volume-title":"Very Deep Convolutional Networks for Large-Scale Image Recognition. In International Conference on Learning Representations.","author":"Simonyan Karen","year":"2015","unstructured":"Karen Simonyan and Andrew Zisserman. 2015. Very Deep Convolutional Networks for Large-Scale Image Recognition. In International Conference on Learning Representations."},{"key":"e_1_3_2_1_48_1","volume-title":"Man vs. computer: Benchmarking machine learning algorithms for traffic sign recognition. Neural networks","author":"Stallkamp Johannes","year":"2012","unstructured":"Johannes Stallkamp, Marc Schlipsing, Jan Salmen, and Christian Igel. 2012. Man vs. computer: Benchmarking machine learning algorithms for traffic sign recognition. Neural networks, Vol. 32 (2012), 323--332."},{"key":"e_1_3_2_1_49_1","volume-title":"Deep probabilistic models to detect data poisoning attacks. 
arXiv preprint arXiv:1912.01206","author":"Subedar Mahesh","year":"2019","unstructured":"Mahesh Subedar, Nilesh Ahuja, Ranganath Krishnan, Ibrahima J Ndiour, and Omesh Tickoo. 2019. Deep probabilistic models to detect data poisoning attacks. arXiv preprint arXiv:1912.01206 (2019)."},{"key":"e_1_3_2_1_50_1","volume-title":"30th USENIX Security Symposium (USENIX Security 21)","author":"Tang Di","year":"2021","unstructured":"Di Tang, XiaoFeng Wang, Haixu Tang, and Kehuan Zhang. 2021. Demon in the variant: Statistical analysis of DNNs for robust backdoor contamination detection. In 30th USENIX Security Symposium (USENIX Security 21). 1541--1558."},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR52688.2022.01301"},{"key":"e_1_3_2_1_52_1","volume-title":"Spectral signatures in backdoor attacks. Advances in neural information processing systems","author":"Tran Brandon","year":"2018","unstructured":"Brandon Tran, Jerry Li, and Aleksander Madry. 2018. Spectral signatures in backdoor attacks. Advances in neural information processing systems, Vol. 31 (2018)."},{"key":"e_1_3_2_1_53_1","unstructured":"Alexander Turner Dimitris Tsipras and Aleksander Madry. 2018. Clean-label backdoor attacks. (2018)."},{"key":"e_1_3_2_1_54_1","volume-title":"Label-consistent backdoor attacks. arXiv preprint arXiv:1912.02771","author":"Turner Alexander","year":"2019","unstructured":"Alexander Turner, Dimitris Tsipras, and Aleksander Madry. 2019. Label-consistent backdoor attacks. arXiv preprint arXiv:1912.02771 (2019)."},{"key":"e_1_3_2_1_55_1","first-page":"2579","article-title":"Visualizing Data using t-SNE","volume":"9","author":"van der Maaten Laurens","year":"2008","unstructured":"Laurens van der Maaten and Geoffrey Hinton. 2008. Visualizing Data using t-SNE. Journal of Machine Learning Research, Vol. 
9, 86 (2008), 2579--2605.","journal-title":"Journal of Machine Learning Research"},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2019.00031"},{"key":"e_1_3_2_1_57_1","volume-title":"Proceedings, Part XXIII. 222--238","author":"Wang Ren","year":"2020","unstructured":"Ren Wang, Gaoyuan Zhang, Sijia Liu, Pin-Yu Chen, Jinjun Xiong, and Meng Wang. 2020. Practical Detection of Trojan Neural Networks: Data-Limited and Data-Free Cases. In Computer Vision--ECCV 2020: 16th European Conference, Glasgow, UK, August 23--28, 2020, Proceedings, Part XXIII. 222--238."},{"key":"e_1_3_2_1_58_1","first-page":"16913","article-title":"Adversarial neuron pruning purifies backdoored deep models","volume":"34","author":"Wu Dongxian","year":"2021","unstructured":"Dongxian Wu and Yisen Wang. 2021. Adversarial neuron pruning purifies backdoored deep models. Advances in Neural Information Processing Systems, Vol. 34 (2021), 16913--16925.","journal-title":"Advances in Neural Information Processing Systems"},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40001.2021.00034"},{"key":"e_1_3_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICASSP49357.2023.10097220"},{"key":"e_1_3_2_1_61_1","volume-title":"Bridging Mode Connectivity in Loss Landscapes and Adversarial Robustness. In International Conference on Learning Representations.","author":"Zhao Pu","year":"2020","unstructured":"Pu Zhao, Pin-Yu Chen, Payel Das, Karthikeyan Natesan Ramamurthy, and Xue Lin. 2020. Bridging Mode Connectivity in Loss Landscapes and Adversarial Robustness. In International Conference on Learning Representations."},{"key":"e_1_3_2_1_62_1","volume-title":"What do deep nets learn? class-wise patterns revealed in the input space. arXiv preprint arXiv:2101.06898","author":"Zhao Shihao","year":"2021","unstructured":"Shihao Zhao, Xingjun Ma, Yisen Wang, James Bailey, Bo Li, and Yu-Gang Jiang. 2021. What do deep nets learn? 
class-wise patterns revealed in the input space. arXiv preprint arXiv:2101.06898 (2021)."},{"key":"e_1_3_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.1109\/CVPR42600.2020.01445"},{"key":"e_1_3_2_1_64_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-031-20065-6_11"},{"key":"e_1_3_2_1_65_1","first-page":"17258","article-title":"Topological detection of trojaned neural networks","volume":"34","author":"Zheng Songzhu","year":"2021","unstructured":"Songzhu Zheng, Yikai Zhang, Hubert Wagner, Mayank Goswami, and Chao Chen. 2021. Topological detection of trojaned neural networks. Advances in Neural Information Processing Systems, Vol. 34 (2021), 17258--17272.","journal-title":"Advances in Neural Information Processing Systems"},{"key":"e_1_3_2_1_66_1","doi-asserted-by":"publisher","DOI":"10.1145\/3374664.3375751"},{"key":"e_1_3_2_1_67_1","doi-asserted-by":"publisher","DOI":"10.1109\/JPROC.2023.3238524"}],"event":{"name":"MM '24: The 32nd ACM International Conference on Multimedia","sponsor":["SIGMM ACM Special Interest Group on Multimedia"],"location":"Melbourne VIC Australia","acronym":"MM '24"},"container-title":["Proceedings of the 32nd ACM International Conference on 
Multimedia"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3664647.3680968","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3664647.3680968","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T01:17:35Z","timestamp":1750295855000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3664647.3680968"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,10,28]]},"references-count":67,"alternative-id":["10.1145\/3664647.3680968","10.1145\/3664647"],"URL":"https:\/\/doi.org\/10.1145\/3664647.3680968","relation":{},"subject":[],"published":{"date-parts":[[2024,10,28]]},"assertion":[{"value":"2024-10-28","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}