Saved in:
Bibliographic Details
Main Authors: Satpathy, Aryan, Singh, Nilaksh, Rajwade, Dhruva, Kumar, Somesh
Format: Preprint
Published: 2024
Subjects:
Online Access:https://arxiv.org/abs/2403.15918
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866916395402395648
author Satpathy, Aryan
Singh, Nilaksh
Rajwade, Dhruva
Kumar, Somesh
author_facet Satpathy, Aryan
Singh, Nilaksh
Rajwade, Dhruva
Kumar, Somesh
contents Self-Supervised Learning (SSL) has shown great promise in learning representations from unlabeled data. The power of learning representations without the need for human annotations has made SSL a widely used technique in real-world problems. However, SSL methods have recently been shown to be vulnerable to backdoor attacks, where the learned model can be exploited by adversaries to manipulate the learned representations, either through tampering the training data distribution, or via modifying the model itself. This work aims to address defending against backdoor attacks in SSL, where the adversary has access to a realistic fraction of the SSL training data, and no access to the model. We use novel methods that are computationally efficient as well as generalizable across different problem settings. We also investigate the adversarial robustness of SSL models when trained with our method, and show insights into increased robustness in SSL via frequency domain augmentations. We demonstrate the effectiveness of our method on a variety of SSL benchmarks, and show that our method is able to mitigate backdoor attacks while maintaining high performance on downstream tasks. Code for our work is available at github.com/Aryan-Satpathy/Backdoor
format Preprint
id arxiv_https___arxiv_org_abs_2403_15918
institution arXiv
publishDate 2024
record_format arxiv
spellingShingle Towards Adversarial Robustness And Backdoor Mitigation in SSL
Satpathy, Aryan
Singh, Nilaksh
Rajwade, Dhruva
Kumar, Somesh
Computer Vision and Pattern Recognition
Self-Supervised Learning (SSL) has shown great promise in learning representations from unlabeled data. The power of learning representations without the need for human annotations has made SSL a widely used technique in real-world problems. However, SSL methods have recently been shown to be vulnerable to backdoor attacks, where the learned model can be exploited by adversaries to manipulate the learned representations, either through tampering the training data distribution, or via modifying the model itself. This work aims to address defending against backdoor attacks in SSL, where the adversary has access to a realistic fraction of the SSL training data, and no access to the model. We use novel methods that are computationally efficient as well as generalizable across different problem settings. We also investigate the adversarial robustness of SSL models when trained with our method, and show insights into increased robustness in SSL via frequency domain augmentations. We demonstrate the effectiveness of our method on a variety of SSL benchmarks, and show that our method is able to mitigate backdoor attacks while maintaining high performance on downstream tasks. Code for our work is available at github.com/Aryan-Satpathy/Backdoor
title Towards Adversarial Robustness And Backdoor Mitigation in SSL
topic Computer Vision and Pattern Recognition
url https://arxiv.org/abs/2403.15918