{"id":"https://openalex.org/W4389983416","doi":"https://doi.org/10.1109/wacv61042.2026.00806","title":"UltraClean: A Simple Framework to Train Robust Neural Networks against Backdoor Attacks","display_name":"UltraClean: A Simple Framework to Train Robust Neural Networks against Backdoor Attacks","publication_year":2026,"publication_date":"2026-03-06","ids":{"openalex":"https://openalex.org/W4389983416","doi":"https://doi.org/10.1109/wacv61042.2026.00806"},"language":"en","primary_location":{"id":"doi:10.1109/wacv61042.2026.00806","is_oa":false,"landing_page_url":"https://doi.org/10.1109/wacv61042.2026.00806","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2026 IEEE/CVF Winter Conference on Applications of Computer Vision (WACV)","raw_type":"proceedings-article"},"type":"preprint","indexed_in":["arxiv","crossref","datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/2312.10657","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5085461777","display_name":"Bingyin Zhao","orcid":"https://orcid.org/0000-0003-0372-8198"},"institutions":[{"id":"https://openalex.org/I4210108352","display_name":"Moixa Technology (United Kingdom)","ror":"https://ror.org/01sab8554","country_code":"GB","type":"company","lineage":["https://openalex.org/I4210108352"]}],"countries":["GB"],"is_corresponding":false,"raw_author_name":"Bingyin Zhao","raw_affiliation_strings":["Pixocial Technology"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Pixocial Technology","institution_ids":["https://openalex.org/I4210108352"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5071172709","display_name":"Yingjie Lao","orcid":"https://orcid.org/0000-0002-9413-2455"},"institutions":[{"id":"https://openalex.org/I121934306","display_name":"Tufts University","ror":"https://ror.org/05wvpxv85","country_code":"US","type":"education","lineage":["https://openalex.org/I121934306"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yingjie Lao","raw_affiliation_strings":["Tufts University"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Tufts University","institution_ids":["https://openalex.org/I121934306"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":2,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":true,"cited_by_count":1,"citation_normalized_percentile":{"value":0.00122953,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":90,"max":94},"biblio":{"volume":null,"issue":null,"first_page":"8353","last_page":"8363"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9782999753952026,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10036","display_name":"Advanced Neural Network Applications","score":0.9620000123977661,"subfield":{"id":"https://openalex.org/subfields/1707","display_name":"Computer Vision and Pattern Recognition"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/backdoor","display_name":"Backdoor","score":0.9976008534431458},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6324198246002197},{"id":"https://openalex.org/keywords/noise","display_name":"Noise (video)","score":0.5033754706382751},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4783869981765747},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.449642539024353},{"id":"https://openalex.org/keywords/artificial-neural-network","display_name":"Artificial neural network","score":0.42280715703964233},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.34920650720596313},{"id":"https://openalex.org/keywords/image","display_name":"Image (mathematics)","score":0.15860748291015625}],"concepts":[{"id":"https://openalex.org/C2781045450","wikidata":"https://www.wikidata.org/wiki/Q254569","display_name":"Backdoor","level":2,"score":0.9976008534431458},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6324198246002197},{"id":"https://openalex.org/C99498987","wikidata":"https://www.wikidata.org/wiki/Q2210247","display_name":"Noise (video)","level":3,"score":0.5033754706382751},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4783869981765747},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.449642539024353},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.42280715703964233},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.34920650720596313},{"id":"https://openalex.org/C115961682","wikidata":"https://www.wikidata.org/wiki/Q860623","display_name":"Image (mathematics)","level":2,"score":0.15860748291015625},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1109/wacv61042.2026.00806","is_oa":false,"landing_page_url":"https://doi.org/10.1109/wacv61042.2026.00806","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2026 IEEE/CVF Winter Conference on Applications of Computer Vision (WACV)","raw_type":"proceedings-article"},{"id":"pmh:oai:arXiv.org:2312.10657","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2312.10657","pdf_url":"https://arxiv.org/pdf/2312.10657","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":null},{"id":"doi:10.48550/arxiv.2312.10657","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2312.10657","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:2312.10657","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2312.10657","pdf_url":"https://arxiv.org/pdf/2312.10657","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":null},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G2288269436","display_name":"CAREER: Protecting Deep Learning Systems against Hardware-Oriented Vulnerabilities","funder_award_id":"2426299","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G2309011270","display_name":"Collaborative Research: SaTC: CORE: Small: Towards Secure and Trustworthy Tree Models","funder_award_id":"2413046","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G4382785684","display_name":"Collaborative Research: EAGER: FDASS: Protect Intellectual Property of Software Code in the Age of Generative AI","funder_award_id":"2532588","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":["https://openalex.org/W4320031223","https://openalex.org/W4200629851","https://openalex.org/W4281902577","https://openalex.org/W4309417370","https://openalex.org/W4292107232","https://openalex.org/W3009072493","https://openalex.org/W4386080799","https://openalex.org/W3140988292","https://openalex.org/W4317672133","https://openalex.org/W4386185023"],"abstract_inverted_index":{"Backdoor":[0],"attacks":[1,48,74],"are":[2,55,89],"emerging":[3],"threats":[4],"to":[5,91,185],"deep":[6],"neural":[7],"networks,":[8],"which":[9,163],"typically":[10],"embed":[11],"malicious":[12],"behaviors":[13],"into":[14],"a":[15,65,103,195,212,224],"victim":[16],"model":[17,214],"by":[18,30,223],"injecting":[19],"poisoned":[20,53,78,111,179],"samples.":[21],"Adversaries":[22],"can":[23],"activate":[24],"the":[25,32,50,108,123,151,157,165,169,183,187,205],"injected":[26],"backdoor":[27,47,70,73,120,126,188,206],"during":[28],"inference":[29],"presenting":[31],"trigger":[33],"on":[34,182,216],"input":[35],"images.":[36],"Prior":[37],"defensive":[38,221],"methods":[39,222],"have":[40],"achieved":[41],"remarkable":[42],"success":[43,208],"in":[44,133,161],"countering":[45],"dirty-label":[46,117],"where":[49],"labels":[51],"of":[52,69,110,141,153],"samples":[54,112,143,155,180],"often":[56],"mislabeled.":[57],"However,":[58],"these":[59],"approaches":[60],"do":[61],"not":[62],"work":[63],"for":[64],"recent":[66],"new":[67],"type":[68],"\u2013":[71],"clean-label":[72,119],"that":[75,106,125,131],"imperceptibly":[76],"modify":[77],"data":[79],"and":[80,86,113,118,172,202],"hold":[81],"consistent":[82],"labels.":[83],"More":[84],"complex":[85],"powerful":[87],"algorithms":[88],"demanded":[90],"defend":[92],"against":[93,115],"such":[94],"stealthy":[95],"attacks.":[96,121],"In":[97],"this":[98],"paper,":[99],"we":[100],"propose":[101],"UltraClean,":[102],"general":[104],"framework":[105],"simplifies":[107],"identification":[109],"defends":[114],"both":[116],"Given":[122],"fact":[124],"triggers":[127],"introduce":[128],"adversarial":[129],"noise":[130,166],"intensifies":[132],"feed-forward":[134],"propagation,":[135],"UltraClean":[136,193],"first":[137],"generates":[138],"two":[139],"variants":[140],"training":[142,154],"using":[144],"off-the-shelf":[145],"denoising":[146],"functions.":[147],"It":[148],"then":[149],"measures":[150],"susceptibility":[152,184],"leveraging":[156],"error":[158],"amplification":[159],"effect":[160],"DNNs,":[162],"dilates":[164],"difference":[167],"between":[168],"original":[170],"image":[171],"denoised":[173],"variants.":[174],"Lastly,":[175],"it":[176],"filters":[177],"out":[178],"based":[181],"thwart":[186],"implantation.":[189],"Despite":[190],"its":[191],"simplicity,":[192],"achieves":[194],"superior":[196],"detection":[197],"rate":[198,209],"across":[199],"various":[200],"datasets":[201],"significantly":[203],"reduces":[204],"attack":[207],"while":[210],"maintaining":[211],"decent":[213],"accuracy":[215],"clean":[217],"data,":[218],"outperforming":[219],"existing":[220],"large":[225],"margin.":[226],"Code":[227],"is":[228],"available":[229],"at":[230],"https://github.com/bxz9200/UltraClean.":[231]},"counts_by_year":[{"year":2024,"cited_by_count":1}],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}