Filter, Obstruct, and Dilute: Defending Against Backdoor Attacks on Semi-Supervised Learning
Summary
Semi-supervised learning (SSL), in which models train on a mix of labeled and unlabeled data, is vulnerable to backdoor attacks: by poisoning a small portion of the training data with hidden triggers, an attacker can corrupt the model's predictions. This paper shows that SSL backdoor attacks are especially dangerous because they exploit pseudo-labeling (the process by which the model assigns labels to unlabeled data) to build stronger trigger-target correlations than arise in supervised learning. The researchers propose Backdoor Invalidator (BI), a defense framework that combines complementary learning, trigger mix-up, and dual domain filtering to obstruct, dilute, and filter backdoor influence during both feature learning and data processing.
Solution / Mitigation
The source presents Backdoor Invalidator (BI) as an explicit defense framework. According to the text, BI 'integrates three novel techniques: complementary learning, trigger mix-up, and dual domain filtering, which collectively obstruct, dilute, and filter the influence of backdoor attacks in both feature learning and data processing.' The framework is designed to 'significantly reduce the average attack success rate while maintaining comparable accuracy on clean data' and is described as practically deployable as a plug-in component. Code implementing the defense is available at https://github.com/wxr99/Backdoor_Invalidator4SSL.
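The paper itself specifies how these techniques work; purely as an illustration, the first two ideas can be sketched in a few lines. The sketch below assumes a standard complementary-label loss of the form -log(1 - p_comp) and a simple convex mix of an unlabeled (possibly poisoned) sample with a trusted clean sample; all function names and details are hypothetical and are not the authors' implementation.

```python
import numpy as np

def complementary_loss(probs, comp_labels):
    """Complementary learning: each sample is paired with a class it is
    NOT, and the loss pushes probability mass away from that class.
    probs: (N, C) softmax outputs; comp_labels: (N,) complementary labels."""
    p_comp = probs[np.arange(len(comp_labels)), comp_labels]
    return -np.log(np.clip(1.0 - p_comp, 1e-12, None)).mean()

def trigger_mixup(x_unlabeled, x_clean, lam=0.7):
    """Trigger mix-up (illustrative): convexly combine an unlabeled sample
    with a trusted clean one, attenuating any embedded trigger pattern."""
    return lam * x_clean + (1.0 - lam) * x_unlabeled
```

With a uniform 4-class prediction, the complementary loss evaluates to -log(0.75), and increasing `lam` in `trigger_mixup` further dilutes any trigger carried by the unlabeled input.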
Original source: http://ieeexplore.ieee.org/document/11456197
First tracked: April 9, 2026 at 08:02 PM
Classified by LLM (prompt v3) · confidence: 92%