Don’t FREAK out: a frequency-inspired approach to detecting backdoor poisoned samples in DNNs

Conference item

In this paper we investigate the frequency sensitivity of Deep Neural Networks (DNNs) when presented with clean samples versus poisoned samples. Our analysis shows significant disparities in frequency sensitivity between these two types of samples. Building on these findings, we propose FREAK, a frequency-based poisoned sample detection algorithm that is simple yet effective. Our experimental results demonstrate the efficacy of FREAK not only against frequency backdoor attacks but also against some spatial attacks. Our work is just the first step in leveraging these insights. We believe that our analysis and proposed defense mechanism will provide a foundation for future research and development of backdoor defenses.

Authors: Hammoud, HAAK; Bibi, A; Torr, PHS; Ghanem, B

• Publication status: Published
• Peer review status: Peer reviewed
• Publisher: IEEE
• Host title: 2023 IEEE/CVF Conference on Computer Vision and Pattern Recognition Workshops (CVPRW)
• Pages: 2338-2345
• Publication date: 2023-08-15
• Acceptance date: 2023-06-01
• Event title: 2023 IEEE/CVF Conference on Computer Vision and Pattern Recognition Workshops (CVPRW)
• Event location: Vancouver, Canada
• Event website: https://cvpr.thecvf.com/Conferences/2023
• Event start date: 2023-06-18
• Event end date: 2023-06-22
• DOI: 10.1109/cvprw59228.2023.00230
• EISSN: 2160-7516
• ISSN: 2160-7508
• EISBN: 9798350302493
• ISBN: 9798350302509
• Language: English
• Keywords: conferences; buildings; sensitivity; pattern recognition; computer vision; purification; artificial neural networks