基于局部和全局梯度上升的分段后门防御

针对后门触发器趋于隐蔽且难以检测的问题，提出了一种基于局部和全局梯度上升的分段后门防御方法：在训练前期，引入局部梯度上升扩大后门样本与干净样本平均训练损失之差，隔离出少量高精度后门样本，便于后期进行后门遗忘；在后门遗忘阶段，引入全局梯度上升，打破后门样本与目标类别之间的相关性，实现防御。实验基于3个基准数据集GTSRB、Cifar10和MNIST，在宽残差网络上针对6种先进后门攻击进行了大量实验，分段后门防御方法能够将绝大部分攻击的成功率防御至5%以下。另外，实验也证明了分段防御方法在后门数据集与干净数据集上都能训练出干净等效的学习模型。

Segmented Backdoor Defense Based on Local Gradient and Global Gradient Ascent

Backdoor triggers tend to be hidden and are difficult to detect. To solve this problem, a segmented backdoor defense (SBD) method based on local and global gradient ascent is proposed. In the early stage of training, local gradient ascent is introduced to enlarge the difference between the average training loss of backdoor samples and clean samples. A small number of high-precision backdoor samples are isolated to facilitate backdoor forgetting in the later stage. In the backdoor forgetting stage, global gradient ascent is introduced to reduce the correlation between backdoor samples and target categories to achieve defense. Based on three benchmark datasets GTSRB, Cifar10 and MNIST, a large number of experiments are conducted on the WideResNet-16-1 model against six advanced backdoor attacks. It is shown that the proposed segmented backdoor defense method can reduce the success rate of most attacks to below 5%. Moreover, the proposed method can train a clean equivalent learning model on both backdoor dataset and clean dataset.