{"id":"https://openalex.org/W7125956290","doi":"https://doi.org/10.48550/arxiv.2601.19448","title":"From Internal Diagnosis to External Auditing: A VLM-Driven Paradigm for Data-Free Online Backdoor Defense","display_name":"From Internal Diagnosis to External Auditing: A VLM-Driven Paradigm for Data-Free Online Backdoor Defense","publication_year":2026,"publication_date":"2026-01-27","ids":{"openalex":"https://openalex.org/W7125956290","doi":"https://doi.org/10.48550/arxiv.2601.19448"},"language":null,"primary_location":{"id":"pmh:doi:10.48550/arxiv.2601.19448","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4406922384","display_name":"Open MIND","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":null,"any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5124142775","display_name":"Binyan Xu","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Xu, Binyan","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5124081990","display_name":"Fan Yang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Yang, Fan","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5124129923","display_name":"Xilin Dai","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Dai, Xilin","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5124094257","display_name":"Di Tang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Tang, Di","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5008237643","display_name":"Kehuan Zhang","orcid":"https://orcid.org/0000-0003-1519-0057"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Zhang, Kehuan","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5124142775"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9818999767303467,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9818999767303467,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.004699999932199717,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.002099999925121665,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/backdoor","display_name":"Backdoor","score":0.9661999940872192},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.4569000005722046},{"id":"https://openalex.org/keywords/margin","display_name":"Margin (machine learning)","score":0.4519999921321869},{"id":"https://openalex.org/keywords/deep-neural-networks","display_name":"Deep neural networks","score":0.44449999928474426},{"id":"https://openalex.org/keywords/domain","display_name":"Domain (mathematical analysis)","score":0.3529999852180481},{"id":"https://openalex.org/keywords/internal-model","display_name":"Internal model","score":0.34929999709129333}],"concepts":[{"id":"https://openalex.org/C2781045450","wikidata":"https://www.wikidata.org/wiki/Q254569","display_name":"Backdoor","level":2,"score":0.9661999940872192},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7116000056266785},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.48829999566078186},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.4569000005722046},{"id":"https://openalex.org/C774472","wikidata":"https://www.wikidata.org/wiki/Q6760393","display_name":"Margin (machine learning)","level":2,"score":0.4519999921321869},{"id":"https://openalex.org/C2984842247","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep neural networks","level":3,"score":0.44449999928474426},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3862000107765198},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.3644999861717224},{"id":"https://openalex.org/C36503486","wikidata":"https://www.wikidata.org/wiki/Q11235244","display_name":"Domain (mathematical analysis)","level":2,"score":0.3529999852180481},{"id":"https://openalex.org/C28427503","wikidata":"https://www.wikidata.org/wiki/Q13580300","display_name":"Internal model","level":3,"score":0.34929999709129333},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.3375999927520752},{"id":"https://openalex.org/C114289077","wikidata":"https://www.wikidata.org/wiki/Q3284399","display_name":"Statistical model","level":2,"score":0.33629998564720154},{"id":"https://openalex.org/C43540301","wikidata":"https://www.wikidata.org/wiki/Q689971","display_name":"Paradigm shift","level":2,"score":0.3303000032901764},{"id":"https://openalex.org/C2776654903","wikidata":"https://www.wikidata.org/wiki/Q2601463","display_name":"SAFER","level":2,"score":0.2678000032901764},{"id":"https://openalex.org/C2775896111","wikidata":"https://www.wikidata.org/wiki/Q642560","display_name":"Router","level":2,"score":0.2646999955177307},{"id":"https://openalex.org/C205606062","wikidata":"https://www.wikidata.org/wiki/Q5249645","display_name":"Decoupling (probability)","level":2,"score":0.25619998574256897}],"mesh":[],"locations_count":2,"locations":[{"id":"pmh:doi:10.48550/arxiv.2601.19448","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4406922384","display_name":"Open MIND","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Article"},{"id":"doi:10.48550/arxiv.2601.19448","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2601.19448","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"pmh:doi:10.48550/arxiv.2601.19448","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S4406922384","display_name":"Open MIND","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Deep":[0],"Neural":[1],"Networks":[2],"remain":[3,38],"inherently":[4],"vulnerable":[5],"to":[6,54,132,157],"backdoor":[7],"attacks.":[8],"Traditional":[9],"test-time":[10],"defenses":[11],"largely":[12],"operate":[13],"under":[14,33],"the":[15,41,66,103],"paradigm":[16,49],"of":[17,106],"internal":[18],"diagnosis":[19],"methods":[20],"like":[21],"model":[22,68],"repairing":[23],"or":[24],"input":[25],"robustness,":[26],"yet":[27],"these":[28],"approaches":[29],"are":[30],"often":[31],"fragile":[32],"advanced":[34],"attacks":[35],"as":[36,87],"they":[37],"entangled":[39],"with":[40],"victim":[42,67],"model's":[43],"corrupted":[44],"parameters.":[45],"We":[46,91],"propose":[47],"a":[48,80,113,166],"shift":[50],"from":[51,65],"Internal":[52],"Diagnosis":[53],"External":[55],"Semantic":[56],"Auditing,":[57],"arguing":[58],"that":[59,117,148],"effective":[60],"defense":[61],"requires":[62],"decoupling":[63],"safety":[64],"via":[69,98],"an":[70,124],"independent,":[71],"semantically":[72],"grounded":[73],"auditor.":[74],"To":[75],"this":[76],"end,":[77],"we":[78],"present":[79],"framework":[81],"harnessing":[82],"Universal":[83],"Vision-Language":[84],"Models":[85],"(VLMs)":[86],"evolving":[88],"semantic":[89],"gatekeepers.":[90],"introduce":[92],"PRISM":[93,149],"(Prototype":[94],"Refinement":[95],"&amp;":[96],"Inspection":[97],"Statistical":[99],"Monitoring),":[100],"which":[101],"overcomes":[102],"domain":[104],"gap":[105],"general":[107],"VLMs":[108],"through":[109],"two":[110],"key":[111],"mechanisms:":[112],"Hybrid":[114],"VLM":[115],"Teacher":[116],"dynamically":[118],"refines":[119],"visual":[120],"prototypes":[121],"online,":[122],"and":[123,143],"Adaptive":[125],"Router":[126],"powered":[127],"by":[128],"statistical":[129],"margin":[130],"monitoring":[131],"calibrate":[133],"gating":[134],"thresholds":[135],"in":[136],"real-time.":[137],"Extensive":[138],"evaluation":[139],"across":[140],"17":[141],"datasets":[142],"11":[144],"attack":[145],"types":[146],"demonstrates":[147],"achieves":[150],"state-of-the-art":[151],"performance,":[152],"suppressing":[153],"Attack":[154],"Success":[155],"Rate":[156],"&lt;1%":[158],"on":[159],"CIFAR-10":[160],"while":[161],"improving":[162],"clean":[163],"accuracy,":[164],"establishing":[165],"new":[167],"standard":[168],"for":[169],"model-agnostic,":[170],"externalized":[171],"security.":[172]},"counts_by_year":[],"updated_date":"2026-06-02T06:17:35.589633","created_date":"2026-01-29T00:00:00"}