Backdoor Attacks and Defenses in Machine Learning

Workshop

Backdoor Attacks and Defenses in Machine Learning

Guanhong Tao · Kaiyuan Zhang · Shawn Shan · Emily Wenger · Rui Zhu · Eugene Bagdasaryan · Naren Sarayu Manoj · Taylor Kulp-McDowall · Yousra Aafer · Shiqing Ma · Xiangyu Zhang

Virtual

Fri 5 May, 6 a.m. PDT

[ Abstract ] Workshop Website

Backdoor attacks aim to cause consistent misclassification of any input by adding a specific pattern called a trigger. Recent studies have shown the feasibility of launching backdoor attacks in various domains, such as computer vision (CV), natural language processing (NLP), federated learning (FL), etc. As backdoor attacks are mostly carried out through data poisoning (i.e., adding malicious inputs to training data), it raises major concerns for many publicly available pre-trained models. Defending against backdoor attacks has sparked multiple lines of research. Many defense techniques are effective against some particular types of backdoor attacks. However, with increasingly emerging diverse backdoors, the defense performance of existing work tends to be limited. This workshop, Backdoor Attacks aNd DefenSes in Machine Learning (BANDS), aims to bring together researchers from government, academia, and industry that share a common interest in exploring and building more secure machine learning models against backdoor attacks.

Chat is not available.

Timezone: America/Los_Angeles

Schedule

Fri 6:00 a.m. - 6:10 a.m.	Introduction and Opening Remarks ( Introduction and Opening Remarks ) > SlidesLive Video	🔗
Fri 6:10 a.m. - 6:55 a.m.	Keynote Talk by Amir Houmansadr ( Keynote Talk ) > link SlidesLive Video Link	🔗
Fri 6:55 a.m. - 7:25 a.m.	Invited Talk by Vitaly Shmatikov ( Invited Talk ) > link SlidesLive Video Link	🔗
Fri 7:25 a.m. - 7:35 a.m.	Coffee Break	🔗
Fri 7:35 a.m. - 8:05 a.m.	Invited Talk by Yang Zhang ( Invited Talk ) > link SlidesLive Video Link	🔗
Fri 8:05 a.m. - 8:20 a.m.	How to Backdoor Diffusion Models? ( Oral ) > link SlidesLive Video Link	Sheng-Yen Chou · Pin-Yu Chen · Tsung-Yi Ho 🔗
Fri 8:20 a.m. - 8:50 a.m.	Invited Talk by Bo Li ( Invited Talk ) > link SlidesLive Video Link	🔗
Fri 8:50 a.m. - 9:50 a.m.	Lunch Break	🔗
Fri 9:50 a.m. - 10:20 a.m.	IEEE Trojan Removal Competition Remarks ( Competition Remarks ) > link SlidesLive Video Link	🔗
Fri 10:20 a.m. - 10:50 a.m.	Invited Talk by Michael Mahoney ( Invited Talk ) > link SlidesLive Video Link	🔗
Fri 10:50 a.m. - 11:20 a.m.	Invited Talk by Ruoxi Jia ( Invited Talk ) > link SlidesLive Video Link	🔗
Fri 11:20 a.m. - 11:35 a.m.	Removing Backdoor Behaviors with Unlabeled Data ( Oral ) > link SlidesLive Video Link	Lu Pang · Tao Sun · Haibin Ling · Chao Chen 🔗
Fri 11:35 a.m. - 12:05 p.m.	Invited Talk by Ben Y. Zhao ( Invited Talk ) > link SlidesLive Video Link	🔗
Fri 12:05 p.m. - 12:20 p.m.	BITE: Textual Backdoor Attacks with Iterative Trigger Injection ( Spotlight ) > link SlidesLive Video Link	Jun Yan · Vansh Gupta · Xiang Ren 🔗
Fri 12:05 p.m. - 12:20 p.m.	Learning the Wrong Lessons: Inserting Trojans During Knowledge Distillation ( Spotlight ) > link SlidesLive Video Link	Leonard Tang · Tom Shlomi · Alexander Cai 🔗
Fri 12:05 p.m. - 12:20 p.m.	Learning to Backdoor Federated Learning ( Spotlight ) > link SlidesLive Video Link	Henger Li · Chen Wu · Sencun Zhu · Zizhan Zheng 🔗
Fri 12:05 p.m. - 12:20 p.m.	Secure Federated Learning against Model Poisoning Attacks via Client Filtering ( Spotlight ) > link SlidesLive Video Link	Duygu Nur Yaldiz · Tuo Zhang · Salman Avestimehr 🔗
Fri 12:05 p.m. - 12:20 p.m.	Unlearning Backdoor Attacks in Federated Learning ( Spotlight ) > link SlidesLive Video Link	Chen Wu · SENCUN ZHU · Prasenjit Mitra 🔗
Fri 12:05 p.m. - 12:20 p.m.	Rethinking the Necessity of Labels in Backdoor Removal ( Spotlight ) > link SlidesLive Video Link	Zidi Xiong · Dongxian Wu · Yifei Wang · Yisen Wang 🔗
Fri 12:20 p.m. - 12:30 p.m.	Coffee Break	🔗
Fri 12:30 p.m. - 1:00 p.m.	Invited Talk by Pin-Yu Chen ( Invited Talk ) > link SlidesLive Video Link	🔗
Fri 1:00 p.m. - 1:30 p.m.	Invited Talk by Wenbo Guo ( Invited Talk ) > link SlidesLive Video Link	🔗
Fri 1:30 p.m. - 1:45 p.m.	Backdoor Attacks Against Transformers with Attention Enhancement ( Oral ) > link SlidesLive Video Link	Weimin Lyu · Songzhu Zheng · Haibin Ling · Chao Chen 🔗
Fri 1:45 p.m. - 2:00 p.m.	BackdoorBox: A Python Toolbox for Backdoor Learning ( Spotlight ) > link SlidesLive Video Link	Yiming Li · Mengxi Ya · Yang Bai · Yong Jiang · Shu-Tao Xia 🔗
Fri 1:45 p.m. - 2:00 p.m.	On the Existence of a Trojaned Twin Model ( Spotlight ) > link SlidesLive Video Link	Songzhu Zheng · Yikai Zhang · Lu Pang · Weimin Lyu · Mayank Goswami · Anderson Schneider · Yuriy Nevmyvaka · Haibin Ling · Chao Chen 🔗
Fri 1:45 p.m. - 2:00 p.m.	DABS: Data-Agnostic Backdoor attack at the Server in Federated Learning ( Spotlight ) > link SlidesLive Video Link	Wenqiang Sun · Sen Li · Yuchang Sun · Jun Zhang 🔗
Fri 1:45 p.m. - 2:00 p.m.	Exploring Vulnerabilities of Semi-Supervised Learning to Simple Backdoor Attacks ( Spotlight ) > link SlidesLive Video Link	Marissa Connor · Vincent Emanuele 🔗
Fri 1:45 p.m. - 2:00 p.m.	Augmentation Backdoors ( Spotlight ) > link SlidesLive Video Link	Joseph Rance · Yiren Zhao · I Shumailov · Robert Mullins 🔗
Fri 1:45 p.m. - 2:00 p.m.	Salient Conditional Diffusion for Backdoors ( Spotlight ) > link SlidesLive Video Link	Brandon May · Joseph Tatro · Piyush Kumar · Nathan Shnidman 🔗
Fri 2:00 p.m. - 3:00 p.m.	Panel Discussion ( Panel Discussion ) > SlidesLive Video	🔗
Fri 3:00 p.m. - 3:05 p.m.	Closing Remarks ( Closing Remarks ) > SlidesLive Video	🔗