{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,23]],"date-time":"2025-06-23T16:10:04Z","timestamp":1750695004303,"version":"3.41.0"},"publisher-location":"New York, NY, USA","reference-count":35,"publisher":"ACM","license":[{"start":{"date-parts":[[2025,6,15]],"date-time":"2025-06-15T00:00:00Z","timestamp":1749945600000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"Simons Foundation","award":["Simons Investigator Award"],"award-info":[{"award-number":["Simons Investigator Award"]}]},{"name":"DARPA","award":["HR00112020023"],"award-info":[{"award-number":["HR00112020023"]}]},{"name":"NSF (National Science Foundation)","award":["DGE-214106"],"award-info":[{"award-number":["DGE-214106"]}]},{"name":"NSF","award":["NS-2154149"],"award-info":[{"award-number":["NS-2154149"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,6,15]]},"DOI":"10.1145\/3717823.3718245","type":"proceedings-article","created":{"date-parts":[[2025,6,15]],"date-time":"2025-06-15T22:21:27Z","timestamp":1750026087000},"page":"1785-1794","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["Oblivious Defense in ML Models: Backdoor Removal without Detection"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-4728-1535","authenticated-orcid":false,"given":"Shafi","family":"Goldwasser","sequence":"first","affiliation":[{"name":"University of California, Berkeley, Berkeley, USA"},{"name":"Massachusetts Institute of Technology, Cambridge, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1934-0051","authenticated-orcid":false,"given":"Jonathan","family":"Shafer","sequence":"additional","affiliation":[{"name":"Massachusetts Institute of Technology, Cambridge, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0555-4200","authenticated-orcid":false,"given":"Neekon","family":"Vafa","sequence":"additional","affiliation":[{"name":"Massachusetts Institute of Technology, Cambridge, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2666-0045","authenticated-orcid":false,"given":"Vinod","family":"Vaikuntanathan","sequence":"additional","affiliation":[{"name":"Massachusetts Institute of Technology, Cambridge, USA"}]}],"member":"320","published-online":{"date-parts":[[2025,6,15]]},"reference":[{"key":"e_1_3_2_1_1_1","volume-title":"27th USENIX Security Symposium, USENIX Security 2018","author":"Adi Yossi","year":"2018","unstructured":"Yossi Adi, Carsten Baum, Moustapha Ciss\u00e9, Benny Pinkas, and Joseph Keshet. 2018. Turning Your Weakness Into a Strength: Watermarking Deep Neural Networks by Backdooring. In 27th USENIX Security Symposium, USENIX Security 2018, Baltimore, MD, USA, August 15-17, 2018, William Enck and Adrienne Porter Felt (Eds.). USENIX Association, 1615\u20131631. https:\/\/www.usenix.org\/conference\/usenixsecurity18\/presentation\/adi"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_2_1","DOI":"10.1137\/1.9781611977554.CH31"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_3_1","DOI":"10.48550\/arXiv.2411.12512"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_4_1","DOI":"10.1007\/3-540-48329-2_24"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_5_1","DOI":"10.1145\/73007.73015"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_6_1","DOI":"10.1145\/100216.100225"},{"unstructured":"Ben Brubaker. 2023. In Neural Networks Unbreakable Locks Can Hide Invisible Doors. Quanta Magazine 2 March https:\/\/www.quantamagazine.org\/cryptographers-show-how-to-hide-invisible-backdoors-in-ai-20230302 Accessed: 2024-10-30. Archived URL:","key":"e_1_3_2_1_7_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_8_1","DOI":"10.1145\/3134600.3134606"},{"key":"e_1_3_2_1_9_1","volume-title":"Workshop on Artificial Intelligence Safety 2019 co-located with the Thirty-Third AAAI Conference on Artificial Intelligence 2019 (AAAI-19)","author":"Chen Bryant","year":"2019","unstructured":"Bryant Chen, Wilka Carvalho, Nathalie Baracaldo, Heiko Ludwig, Benjamin Edwards, Taesung Lee, Ian M. Molloy, and Biplav Srivastava. 2019. Detecting Backdoor Attacks on Deep Neural Networks by Activation Clustering. In Workshop on Artificial Intelligence Safety 2019 co-located with the Thirty-Third AAAI Conference on Artificial Intelligence 2019 (AAAI-19), Honolulu, Hawaii, January 27, 2019, Hu\u00e1scar Espinoza, Se\u00e1n \u00d3 h\u00c9igeartaigh, Xiaowei Huang, Jos\u00e9 Hern\u00e1ndez-Orallo, and Mauricio Castillo-Effen (Eds.) (CEUR Workshop Proceedings, Vol. 2301). CEUR-WS.org. https:\/\/ceur-ws.org\/Vol-2301\/paper_18.pdf"},{"key":"e_1_3_2_1_10_1","volume-title":"Targeted Backdoor Attacks on Deep Learning Systems Using Data Poisoning. CoRR, abs\/1712.05526","author":"Chen Xinyun","year":"2017","unstructured":"Xinyun Chen, Chang Liu, Bo Li, Kimberly Lu, and Dawn Song. 2017. Targeted Backdoor Attacks on Deep Learning Systems Using Data Poisoning. CoRR, abs\/1712.05526 (2017), arXiv:1712.05526. arxiv:1712.05526"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_11_1","DOI":"10.48550\/ARXIV.2409.03077"},{"key":"e_1_3_2_1_12_1","volume-title":"Proceedings of the 36th International Conference on Machine Learning, ICML 2019","volume":"1320","author":"Cohen Jeremy","year":"2019","unstructured":"Jeremy Cohen, Elan Rosenfeld, and J. Zico Kolter. 2019. Certified Adversarial Robustness via Randomized Smoothing. In Proceedings of the 36th International Conference on Machine Learning, ICML 2019, 9-15 June 2019, Long Beach, California, USA, Kamalika Chaudhuri and Ruslan Salakhutdinov (Eds.) (Proceedings of Machine Learning Research, Vol. 97). PMLR, 1310\u20131320. http:\/\/proceedings.mlr.press\/v97\/cohen19c.html"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_13_1","DOI":"10.1109\/FOCS54457.2022.00092"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_14_1","DOI":"10.1145\/800070.802212"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_15_1","DOI":"10.48550\/ARXIV.2411.03279"},{"unstructured":"Noah Golowich and Ankur Moitra. 2024. Edit Distance Robust Watermarks for Language Models. IACR Cryptol. ePrint Arch. 898. https:\/\/eprint.iacr.org\/2024\/898","key":"e_1_3_2_1_16_1"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_17_1","DOI":"10.1109\/ACCESS.2019.2909068"},{"key":"e_1_3_2_1_18_1","volume-title":"Proceedings of the 38th International Conference on Machine Learning, Marina Meila and Tong Zhang (Eds.) (Proceedings of Machine Learning Research","volume":"4139","author":"Hayase Jonathan","year":"2021","unstructured":"Jonathan Hayase, Weihao Kong, Raghav Somani, and Sewoong Oh. 2021. SPECTRE: defending against backdoor attacks using robust statistics. In Proceedings of the 38th International Conference on Machine Learning, Marina Meila and Tong Zhang (Eds.) (Proceedings of Machine Learning Research, Vol. 139). PMLR, 4129\u20134139. https:\/\/proceedings.mlr.press\/v139\/hayase21a.html"},{"key":"e_1_3_2_1_19_1","volume-title":"Handcrafted Backdoors in Deep Neural Networks. In Advances in Neural Information Processing Systems 35: Annual Conference on Neural Information Processing Systems 2022","author":"Hong Sanghyun","year":"2022","unstructured":"Sanghyun Hong, Nicholas Carlini, and Alexey Kurakin. 2022. Handcrafted Backdoors in Deep Neural Networks. In Advances in Neural Information Processing Systems 35: Annual Conference on Neural Information Processing Systems 2022, NeurIPS 2022, New Orleans, LA, USA, November 28 - December 9, 2022, Sanmi Koyejo, S. Mohamed, A. Agarwal, Danielle Belgrave, K. Cho, and A. Oh (Eds.). http:\/\/papers.nips.cc\/paper_files\/paper\/2022\/hash\/3538a22cd3ceb8f009cc62b9e535c29f-Abstract-Conference.html"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_20_1","DOI":"10.1609\/AAAI.V35I9.16971"},{"key":"e_1_3_2_1_21_1","volume-title":"Rinard","author":"Jin Charles","year":"2021","unstructured":"Charles Jin, Melinda Sun, and Martin C. Rinard. 2021. Provable Guarantees against Data Poisoning Using Self-Expansion and Compatibility. CoRR, abs\/2105.03692 (2021), arXiv:2105.03692. arxiv:2105.03692"},{"key":"e_1_3_2_1_22_1","volume-title":"Rethinking Backdoor Attacks. In International Conference on Machine Learning, ICML 2023","volume":"16236","author":"Khaddaj Alaa","year":"2023","unstructured":"Alaa Khaddaj, Guillaume Leclerc, Aleksandar Makelov, Kristian Georgiev, Hadi Salman, Andrew Ilyas, and Aleksander Madry. 2023. Rethinking Backdoor Attacks. In International Conference on Machine Learning, ICML 2023, 23-29 July 2023, Honolulu, Hawaii, USA, Andreas Krause, Emma Brunskill, Kyunghyun Cho, Barbara Engelhardt, Sivan Sabato, and Jonathan Scarlett (Eds.) (Proceedings of Machine Learning Research, Vol. 202). PMLR, 16216\u201316236. https:\/\/proceedings.mlr.press\/v202\/khaddaj23a.html"},{"key":"e_1_3_2_1_23_1","volume-title":"Estimating Learnability in the Sublinear Data Regime. In Advances in Neural Information Processing Systems 31: Annual Conference on Neural Information Processing Systems 2018","author":"Kong Weihao","year":"2018","unstructured":"Weihao Kong and Gregory Valiant. 2018. Estimating Learnability in the Sublinear Data Regime. In Advances in Neural Information Processing Systems 31: Annual Conference on Neural Information Processing Systems 2018, NeurIPS 2018, December 3-8, 2018, Montr\u00e9al, Canada, Samy Bengio, Hanna M. Wallach, Hugo Larochelle, Kristen Grauman, Nicol\u00f2 Cesa-Bianchi, and Roman Garnett (Eds.). 5460\u20135469. https:\/\/proceedings.neurips.cc\/paper\/2018\/hash\/8bd39eae38511daad6152e84545e504d-Abstract.html"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_24_1","DOI":"10.1109\/SP.2019.00044"},{"key":"e_1_3_2_1_25_1","volume-title":"Certified Adversarial Robustness with Additive Noise. In Advances in Neural Information Processing Systems 32: Annual Conference on Neural Information Processing Systems 2019","author":"Li Bai","year":"2019","unstructured":"Bai Li, Changyou Chen, Wenlin Wang, and Lawrence Carin. 2019. Certified Adversarial Robustness with Additive Noise. In Advances in Neural Information Processing Systems 32: Annual Conference on Neural Information Processing Systems 2019, NeurIPS 2019, December 8-14, 2019, Vancouver, BC, Canada, Hanna M. Wallach, Hugo Larochelle, Alina Beygelzimer, Florence d\u2019Alch\u00e9-Buc, Emily B. Fox, and Roman Garnett (Eds.). 9459\u20139469. https:\/\/proceedings.neurips.cc\/paper\/2019\/hash\/335cd1b90bfa4ee70b39d08a4ae0cf2d-Abstract.html"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_26_1","DOI":"10.1145\/174130.174138"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_27_1","DOI":"10.1007\/978-3-030-01234-2_23"},{"key":"e_1_3_2_1_28_1","volume-title":"The Bayesian Stability Zoo. In Advances in Neural Information Processing Systems 36: Annual Conference on Neural Information Processing Systems 2023","author":"Moran Shay","year":"2023","unstructured":"Shay Moran, Hilla Schefler, and Jonathan Shafer. 2023. The Bayesian Stability Zoo. In Advances in Neural Information Processing Systems 36: Annual Conference on Neural Information Processing Systems 2023, NeurIPS 2023, New Orleans, LA, USA, December 10 - 16, 2023, Alice Oh, Tristan Naumann, Amir Globerson, Kate Saenko, Moritz Hardt, and Sergey Levine (Eds.). http:\/\/papers.nips.cc\/paper_files\/paper\/2023\/hash\/c2586b71fd150fb56952e253a9c551cc-Abstract-Conference.html"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_29_1","DOI":"10.1017\/CBO9781139814782"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_30_1","DOI":"10.1145\/3564246.3585117"},{"volume-title":"A mathematical theory of self-checking, self-testing and self-correcting programs","author":"Rubinfeld Ronitt A","unstructured":"Ronitt A Rubinfeld. 1990. A mathematical theory of self-checking, self-testing and self-correcting programs. University of California, Berkeley. https:\/\/www.proquest.com\/docview\/303810074","key":"e_1_3_2_1_31_1"},{"key":"e_1_3_2_1_32_1","volume-title":"Universal Backdoor Attacks. In The Twelfth International Conference on Learning Representations, ICLR 2024","author":"Schneider Benjamin","year":"2024","unstructured":"Benjamin Schneider, Nils Lukas, and Florian Kerschbaum. 2024. Universal Backdoor Attacks. In The Twelfth International Conference on Learning Representations, ICLR 2024, Vienna, Austria, May 7-11, 2024. OpenReview.net. https:\/\/openreview.net\/forum?id=3QkzYBSWqL"},{"key":"e_1_3_2_1_33_1","volume-title":"Spectral Signatures in Backdoor Attacks. In Advances in Neural Information Processing Systems 31: Annual Conference on Neural Information Processing Systems 2018","author":"Tran Brandon","year":"2018","unstructured":"Brandon Tran, Jerry Li, and Aleksander Madry. 2018. Spectral Signatures in Backdoor Attacks. In Advances in Neural Information Processing Systems 31: Annual Conference on Neural Information Processing Systems 2018, NeurIPS 2018, December 3-8, 2018, Montr\u00e9al, Canada, Samy Bengio, Hanna M. Wallach, Hugo Larochelle, Kristen Grauman, Nicol\u00f2 Cesa-Bianchi, and Roman Garnett (Eds.). 8011\u20138021. https:\/\/proceedings.neurips.cc\/paper\/2018\/hash\/280cf18baf4311c92aa5a042336587d3-Abstract.html"},{"key":"e_1_3_2_1_34_1","volume-title":"Advances in Neural Information Processing Systems 34: Annual Conference on Neural Information Processing Systems","author":"Zhong Han","year":"2021","unstructured":"Han Zhong, Jiayi Huang, Lin Yang, and Liwei Wang. 2021. Breaking the Moments Condition Barrier: No-Regret Algorithm for Bandits with Super Heavy-Tailed Payoffs. In Advances in Neural Information Processing Systems 34: Annual Conference on Neural Information Processing Systems 2021, NeurIPS 2021, December 6-14, 2021, virtual, Marc\u2019Aurelio Ranzato, Alina Beygelzimer, Yann N. Dauphin, Percy Liang, and Jennifer Wortman Vaughan (Eds.). 15710\u201315720. https:\/\/proceedings.neurips.cc\/paper\/2021\/hash\/843a4d7fb5b1641b0bb8e3c2b2e75231-Abstract.html"},{"doi-asserted-by":"publisher","key":"e_1_3_2_1_35_1","DOI":"10.48550\/ARXIV.2405.16134"}],"event":{"sponsor":["SIGACT ACM Special Interest Group on Algorithms and Computation Theory"],"acronym":"STOC '25","name":"STOC '25: 57th Annual ACM Symposium on Theory of Computing","location":"Prague Czechia"},"container-title":["Proceedings of the 57th Annual ACM Symposium on Theory of Computing"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3717823.3718245","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3717823.3718245","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,23]],"date-time":"2025-06-23T15:46:04Z","timestamp":1750693564000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3717823.3718245"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,6,15]]},"references-count":35,"alternative-id":["10.1145\/3717823.3718245","10.1145\/3717823"],"URL":"https:\/\/doi.org\/10.1145\/3717823.3718245","relation":{},"subject":[],"published":{"date-parts":[[2025,6,15]]},"assertion":[{"value":"2025-06-15","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}