{"id":"https://openalex.org/W3094933146","doi":"https://doi.org/10.1145/3411508.3421375","title":"Disabling Backdoor and Identifying Poison Data by using Knowledge Distillation in Backdoor Attacks on Deep Neural Networks","display_name":"Disabling Backdoor and Identifying Poison Data by using Knowledge Distillation in Backdoor Attacks on Deep Neural Networks","publication_year":2020,"publication_date":"2020-11-02","ids":{"openalex":"https://openalex.org/W3094933146","doi":"https://doi.org/10.1145/3411508.3421375","mag":"3094933146"},"language":"en","primary_location":{"id":"doi:10.1145/3411508.3421375","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3411508.3421375","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 13th ACM Workshop on Artificial Intelligence and Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5063582139","display_name":"Kota Yoshida","orcid":"https://orcid.org/0000-0003-1293-6415"},"institutions":[{"id":"https://openalex.org/I135768898","display_name":"Ritsumeikan University","ror":"https://ror.org/0197nmd03","country_code":"JP","type":"education","lineage":["https://openalex.org/I135768898","https://openalex.org/I4390039241"]}],"countries":["JP"],"is_corresponding":true,"raw_author_name":"Kota Yoshida","raw_affiliation_strings":["Ritsumeikan University, Kusatsu, Japan"],"affiliations":[{"raw_affiliation_string":"Ritsumeikan University, Kusatsu, Japan","institution_ids":["https://openalex.org/I135768898"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5007179822","display_name":"Takeshi Fujino","orcid":"https://orcid.org/0000-0001-9441-3137"},"institutions":[{"id":"https://openalex.org/I135768898","display_name":"Ritsumeikan University","ror":"https://ror.org/0197nmd03","country_code":"JP","type":"education","lineage":["https://openalex.org/I135768898","https://openalex.org/I4390039241"]}],"countries":["JP"],"is_corresponding":false,"raw_author_name":"Takeshi Fujino","raw_affiliation_strings":["Ritsumeikan University, Kusatsu, Japan"],"affiliations":[{"raw_affiliation_string":"Ritsumeikan University, Kusatsu, Japan","institution_ids":["https://openalex.org/I135768898"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5063582139"],"corresponding_institution_ids":["https://openalex.org/I135768898"],"apc_list":null,"apc_paid":null,"fwci":2.6037,"has_fulltext":false,"cited_by_count":43,"citation_normalized_percentile":{"value":0.91788976,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"117","last_page":"127"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9995999932289124,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9725000262260437,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/backdoor","display_name":"Backdoor","score":0.9958904981613159},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.6843750476837158},{"id":"https://openalex.org/keywords/distillation","display_name":"Distillation","score":0.6536400318145752},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.5515449643135071},{"id":"https://openalex.org/keywords/artificial-neural-network","display_name":"Artificial neural network","score":0.4995310306549072},{"id":"https://openalex.org/keywords/countermeasure","display_name":"Countermeasure","score":0.4898059070110321},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.48661598563194275},{"id":"https://openalex.org/keywords/data-mining","display_name":"Data mining","score":0.3249102830886841},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.26497161388397217},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.17104333639144897},{"id":"https://openalex.org/keywords/chemistry","display_name":"Chemistry","score":0.07211968302726746}],"concepts":[{"id":"https://openalex.org/C2781045450","wikidata":"https://www.wikidata.org/wiki/Q254569","display_name":"Backdoor","level":2,"score":0.9958904981613159},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.6843750476837158},{"id":"https://openalex.org/C204030448","wikidata":"https://www.wikidata.org/wiki/Q101017","display_name":"Distillation","level":2,"score":0.6536400318145752},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5515449643135071},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.4995310306549072},{"id":"https://openalex.org/C21593369","wikidata":"https://www.wikidata.org/wiki/Q1032176","display_name":"Countermeasure","level":2,"score":0.4898059070110321},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.48661598563194275},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3249102830886841},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.26497161388397217},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.17104333639144897},{"id":"https://openalex.org/C185592680","wikidata":"https://www.wikidata.org/wiki/Q2329","display_name":"Chemistry","level":0,"score":0.07211968302726746},{"id":"https://openalex.org/C178790620","wikidata":"https://www.wikidata.org/wiki/Q11351","display_name":"Organic chemistry","level":1,"score":0.0},{"id":"https://openalex.org/C146978453","wikidata":"https://www.wikidata.org/wiki/Q3798668","display_name":"Aerospace engineering","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3411508.3421375","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3411508.3421375","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 13th ACM Workshop on Artificial Intelligence and Security","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":10,"referenced_works":["https://openalex.org/W1686810756","https://openalex.org/W1821462560","https://openalex.org/W2067713319","https://openalex.org/W2620998106","https://openalex.org/W2748789698","https://openalex.org/W2803023299","https://openalex.org/W2966689772","https://openalex.org/W2990270730","https://openalex.org/W3007112707","https://openalex.org/W3042871071"],"related_works":["https://openalex.org/W4320031223","https://openalex.org/W3015678314","https://openalex.org/W4281902577","https://openalex.org/W4200629851","https://openalex.org/W3009072493","https://openalex.org/W4386185023","https://openalex.org/W4317672133","https://openalex.org/W3140988292","https://openalex.org/W4386080799","https://openalex.org/W4309417370"],"abstract_inverted_index":{"Backdoor":[0],"attacks":[1,4,82],"are":[2],"poisoning":[3],"and":[5,43,48,63,97,118,124,182,214,266],"serious":[6],"threats":[7],"to":[8,75,155,196,231],"deep":[9],"neural":[10],"networks.":[11],"When":[12],"an":[13,59,72],"adversary":[14],"mixes":[15],"poison":[16,28,36,56,90,94,125,172,279],"data":[17,91],"into":[18,58,66],"a":[19,27,40,55,93,150,156,232,242,278],"training":[20,23,29,37,95,173,194,251,275],"dataset,":[21],"the":[22,35,67,99,102,136,165,171,177,180,188,192,218,222,236,250,272],"dataset":[24,38,96,174,195,244,276,280],"is":[25,134,210,277],"called":[26],"dataset.":[30],"A":[31,127,144],"model":[32,42,52,152,158,190,227,234],"trained":[33],"with":[34,161,191],"becomes":[39],"backdoor":[41,51,81,120,122,151,181,209],"it":[44,113,268],"achieves":[45],"high":[46],"stealthiness":[47],"attack-feasibility.":[49],"The":[50,185,208,225],"classifies":[53],"only":[54],"image":[57],"adversarial":[60],"target":[61],"class":[62],"other":[64],"images":[65,141,240],"correct":[68],"classes.":[69],"We":[70,200],"propose":[71],"additional":[73],"procedure":[74,88],"our":[76,131,202,257],"previously":[77],"proposed":[78],"countermeasure":[79,106,203,258],"against":[80],"by":[83,175,204,212],"using":[84,205],"knowledge":[85,148,162],"distillation.":[86,163],"Our":[87,105,253],"removes":[89,167],"from":[92,108,149,170],"recovers":[98],"accuracy":[100,220,230],"of":[101,179,221,238,249],"distillation":[103,157,183,189,213,223,243],"model.":[104,224],"differs":[107],"previous":[109],"ones":[110],"in":[111,130],"that":[112,135,256,267],"does":[114],"not":[115],"require":[116],"detecting":[117],"identifying":[119],"models,":[121],"neurons,":[123],"data.":[126,252],"characteristic":[128],"assumption":[129],"defense":[132],"scenario":[133],"defender":[137,145,166,186],"can":[138,259],"collect":[139],"clean":[140,147,239],"without":[142],"labels.":[143],"distills":[146],"(teacher":[153],"model)":[154,160],"(student":[159],"Subsequently,":[164],"poison-data":[168],"candidates":[169],"comparing":[176],"predictions":[178],"models.":[184],"fine-tunes":[187],"detoxified":[193],"improve":[197],"classification":[198,219],"accuracy.":[199],"evaluated":[201],"two":[206],"datasets.":[207],"disabled":[211],"fine-tuning":[215,226],"further":[216],"improves":[217],"achieved":[228],"comparable":[229],"baseline":[233],"when":[235],"number":[237],"for":[241,262],"was":[245],"more":[246],"than":[247],"13%":[248],"results":[254],"indicate":[255],"be":[260],"applied":[261],"general":[263],"image-classification":[264],"tasks":[265],"works":[269],"well":[270],"whether":[271],"defender's":[273],"received":[274],"or":[281],"not.":[282]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":9},{"year":2024,"cited_by_count":14},{"year":2023,"cited_by_count":7},{"year":2022,"cited_by_count":7},{"year":2021,"cited_by_count":4},{"year":2020,"cited_by_count":1}],"updated_date":"2026-03-03T08:47:05.690250","created_date":"2025-10-10T00:00:00"}