
Defending Against Invisible Backdoor Attacks from the Frequency Domain Perspective

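When third-party models are used for image recognition, there is a threat of invisible backdoor attacks, while current defense research concentrates on the pixel domain and the training stage. To address this, a backdoor defense method based on Gaussian filtering is proposed. The method approaches the problem from the frequency domain and defends at the preprocessing stage: it first studies the frequency-domain characteristics of invisible backdoor attacks and determines that the trigger lies in the high-frequency information region of the image, then, for different kinds of attacks, introduces a Gaussian filter at the model prediction stage in defense experiments. Experimental results show that the method reduces the attack success rate of invisible backdoor attacks to within 10%.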
Defending Against Invisible Backdoor Attacks from the Aspect of Frequency Domain
When using third-party models for image recognition, there is a threat of invisible backdoor attacks, and the current defense research is focused on the pixel domain and training phase. In view of this, a backdoor defense method based on Gaussian filtering is proposed. The method starts from the frequency domain and defends in the pre-processing stage. Firstly, the invisible backdoor attack is studied in the frequency domain, and the trigger is analyzed to be located in the high frequency information region of the image. Experimental results show that the method reduces the attack success rate of invisible backdoor attack to within 10%.

backdoor defenses; invisible backdoor attacks; frequency domain; image recognition

马俊智、丁建军、苏通、朱勇杰、孙超


School of Intelligent Manufacturing, Jianghan University, Wuhan 430056

State Key Laboratory of Precision Blasting, Jianghan University, Wuhan 430056

backdoor defense; invisible backdoor attack; frequency domain; image recognition

2024

Computer & Digital Engineering (计算机与数字工程)
709th Research Institute, China Shipbuilding Industry Corporation


CSTPCD
Impact factor: 0.355
ISSN:1672-9722
Year, volume (issue): 2024.52(12)