AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

Cert-SSBD: Certified Backdoor Defense With Sample-Specific Smoothing Noises

inforesearchPeer-Reviewed

securityresearch

Source: IEEE Xplore (Security & AI Journals)February 24, 2026

Summary

Deep neural networks can be attacked through backdoors, where attackers secretly poison training data to make the model misclassify certain inputs while appearing normal otherwise. This paper proposes Cert-SSBD, a defense method that uses randomized smoothing (adding random noise to samples) with sample-specific noise levels, optimized per sample using stochastic gradient ascent, combined with a new certification approach to make models more resistant to these attacks.

Solution / Mitigation

The proposed Cert-SSBD method addresses the issue by employing stochastic gradient ascent to optimize the noise magnitude for each sample, applying this sample-specific noise to multiple poisoned training sets to retrain smoothed models, aggregating predictions from multiple smoothed models, and introducing a storage-update-based certification method that dynamically adjusts each sample's certification region to improve certification performance.

Classification

Attack Type

Model Poisoning

Attack SophisticationAdvanced

Impact (CIA+S)

integrity

AI Component TargetedModel

Related Issues

high

CVE-2024-37052: Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling

Similar attackNVD/CVE Database

info

Model Stability Defense Against Model Poisoning in Federated Learning

Original source: http://ieeexplore.ieee.org/document/11409406

First tracked: March 16, 2026 at 04:14 PM

Classified by LLM (prompt v3) · confidence: 92%