Bibliographic Details
Main Authors: Wu, Zhengxian, Wen, Juan, Peng, Wanli, Zhou, Yinghan, dou, Changtong, Xue, Yiming
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2508.01595
author Wu, Zhengxian
Wen, Juan
Peng, Wanli
Zhou, Yinghan
dou, Changtong
Xue, Yiming
contents Although existing backdoor defenses have gained success in mitigating backdoor attacks, they still face substantial challenges. In particular, most of them rely on large amounts of clean data to weaken the backdoor mapping but generally struggle with residual trigger effects, resulting in persistently high attack success rates (ASR). Therefore, in this paper, we propose a novel Backdoor defense method based on a Directional mapping module and adversarial Knowledge Distillation (BeDKD), which balances the trade-off between defense effectiveness and model performance using a small amount of clean and poisoned data. We first introduce a directional mapping module to identify poisoned data, which destroys the clean mapping while keeping the backdoor mapping on a small set of flipped clean data. Then, adversarial knowledge distillation is designed to reinforce the clean mapping and suppress the backdoor mapping through a cycle iteration mechanism between trust and punish distillations using clean and identified poisoned data. We conduct experiments to mitigate mainstream attacks on three datasets, and the experimental results demonstrate that BeDKD surpasses the state-of-the-art defenses and reduces the ASR by 98% without significantly reducing the CACC. Our code is available at https://github.com/CAU-ISS-Lab/Backdoor-Attack-Defense-LLMs/tree/main/BeDKD.
format Preprint
id arxiv_https___arxiv_org_abs_2508_01595
institution arXiv
publishDate 2025
record_format arxiv
title BeDKD: Backdoor Defense Based on Directional Mapping Module and Adversarial Knowledge Distillation
topic Cryptography and Security
url https://arxiv.org/abs/2508.01595