Trojan-and-Backdoor-Papers

编辑日期: 2024-08-12 文章阅读: 次

The list below contains curated papers and arXiv articles that are related to Trojan attacks, backdoor attacks, and data poisoning on neural networks and machine learning systems. They are ordered "approximately" from most to least recent and articles denoted with a "*" mention the TrojAI program directly. Some of the particularly relevant papers include a summary that can be accessed by clicking the "Summary" drop down icon underneath the paper link. These articles were identified using variety of methods including:

• A flair embedding created from the arXiv CS subset; details will be provided later.
• A trained ASReview random forest model

• A curated manual literature review

• Simple Probes can catch sleeper agents

• Architectural Backdoors in Neural Networks

• On the Limitation of Backdoor Detection Methods

• Game of Trojans: Adaptive Adversaries Against Output-based Trojaned-Model Detectors

• Mitigating Fine-tuning Jailbreak Attack with Backdoor Enhanced Alignment

• Architectural Neural Backdoors from First Principles

• ImpNet: Imperceptible and blackbox-undetectable backdoors in compiled neural networks

• Sleeper Agents: Training Deceptive LLMs that Persist Through Safety Training

• Physical Adversarial Attack meets Computer Vision: A Decade Survey

• Data Poisoning Attacks Against Multimodal Encoders

• MARNet: Backdoor Attacks Against Cooperative Multi-Agent Reinforcement Learning

• Not All Poisons are Created Equal: Robust Training against Data Poisoning

• Evil vs evil: using adversarial examples against backdoor attack in federated learning

• Auditing Visualizations: Transparency Methods Struggle to Detect Anomalous Behavior

• Defending Backdoor Attacks on Vision Transformer via Patch Processing

• Defense against backdoor attack in federated learning

• SentMod: Hidden Backdoor Attack on Unstructured Textual Data

• Adversarial poisoning attacks on reinforcement learning-driven energy pricing

• Natural Backdoor Datasets

• Backdoor Attacks and Defenses in Federated Learning: State-of-the-art, Taxonomy, and Future Directions

• VulnerGAN: a backdoor attack through vulnerability amplification against machine learning-based network intrusion detection systems

• Hiding Needles in a Haystack: Towards Constructing Neural Networks that Evade Verification

• TrojanZoo: Towards Unified, Holistic, and Practical Evaluation of Neural Backdoors

• Camouflaged Poisoning Attack on Graph Neural Networks

• BackdoorBench: A Comprehensive Benchmark of Backdoor Learning

• Fooling a Face Recognition System with a Marker-Free Label-Consistent Backdoor Attack

• Backdoor Attacks on Bayesian Neural Networks using Reverse Distribution

• Design of AI Trojans for Evading Machine Learning-based Detection of Hardware Trojans

• PoisonedEncoder: Poisoning the Unlabeled Pre-training Data in Contrastive Learning

• Model-Contrastive Learning for Backdoor Defense

• Robust Anomaly based Attack Detection in Smart Grids under Data Poisoning Attacks

• Disguised as Privacy: Data Poisoning Attacks against Differentially Private Crowdsensing Systems

• Poisoning attack toward visual classification model

• Verifying Neural Networks Against Backdoor Attacks

• VPN: Verification of Poisoning in Neural Networks

• LinkBreaker: Breaking the Backdoor-Trigger Link in DNNs via Neurons Consistency Check

• A Study of the Attention Abnormality in Trojaned BERTs

• Universal Post-Training Backdoor Detection

• Planting Undetectable Backdoors in Machine Learning Models

• Natural Backdoor Attacks on Deep Neural Networks via Raindrops

• MPAF: Model Poisoning Attacks to Federated Learning based on Fake Clients

• PiDAn: A Coherence Optimization Approach for Backdoor Attack Detection and Mitigation in Deep Neural Networks

• ADFL: A Poisoning Attack Defense Framework for Horizontal Federated Learning

• Toward Realistic Backdoor Injection Attacks on DNNs using Rowhammer

• Execute Order 66: Targeted Data Poisoning for Reinforcement Learning via Minuscule Perturbations

• A Feature Based On-Line Detector to Remove Adversarial-Backdoors by Iterative Demarcation

• BlindNet backdoor: Attack on deep neural network using blind watermark

• DBIA: Data-free Backdoor Injection Attack against Transformer Networks

• Backdoor Attack through Frequency Domain

• NTD: Non-Transferability Enabled Backdoor Detection

• Romoa: Robust Model Aggregation for the Resistance of Federated Learning to Model Poisoning Attacks

• Generative strategy based backdoor attacks to 3D point clouds: Work in Progress

• Deep Neural Backdoor in Semi-Supervised Learning: Threats and Countermeasures

• FooBaR: Fault Fooling Backdoor Attack on Neural Network Training

• BFClass: A Backdoor-free Text Classification Framework

• Backdoor Attacks on Federated Learning with Lottery Ticket Hypothesis

• Data Poisoning against Differentially-Private Learners: Attacks and Defenses

• DOES DIFFERENTIAL PRIVACY DEFEAT DATA POISONING?

• Check Your Other Door! Establishing Backdoor Attacks in the Frequency Domain

• HaS-Nets: A Heal and Select Mechanism to Defend DNNs Against Backdoor Attacks for Data Collection Scenarios

• SanitAIs: Unsupervised Data Augmentation to Sanitize Trojaned Neural Networks

• COVID-19 Diagnosis from Chest X-Ray Images Using Convolutional Neural Networks and Effects of Data Poisoning

• Interpretability-Guided Defense against Backdoor Attacks to Deep Neural Networks

• Trojan Signatures in DNN Weights

• HOW TO INJECT BACKDOORS WITH BETTER CONSISTENCY: LOGIT ANCHORING ON CLEAN DATA

• A Synergetic Attack against Neural Network Classifiers combining Backdoor and Adversarial Examples

• Backdoor Attack and Defense for Deep Regression

• Use Procedural Noise to Achieve Backdoor Attack

• Excess Capacity and Backdoor Poisoning

• BatFL: Backdoor Detection on Federated Learning in e-Health

• Poisonous Label Attack: Black-Box Data Poisoning Attack with Enhanced Conditional DCGAN

• Backdoor Attacks on Network Certification via Data Poisoning

• Identifying Physically Realizable Triggers for Backdoored Face Recognition Networks

• Simtrojan: Stealthy Backdoor Attack

• Back to the Drawing Board: A Critical Evaluation of Poisoning Attacks on Federated Learning

• Quantization Backdoors to Deep Learning Models

• Multi-Target Invisibly Trojaned Networks for Visual Recognition and Detection

• A Countermeasure Method Using Poisonous Data Against Poisoning Attacks on IoT Machine Learning

• FederatedReverse: A Detection and Defense Method Against Backdoor Attacks in Federated Learning

• Accumulative Poisoning Attacks on Real-time Data

• Inaudible Manipulation of Voice-Enabled Devices Through BackDoor Using Robust Adversarial Audio Attacks

• Stealthy Targeted Data Poisoning Attack on Knowledge Graphs

• BinarizedAttack: Structural Poisoning Attacks to Graph-based Anomaly Detection

• On the Effectiveness of Poisoning against Unsupervised Domain Adaptation

• Simple, Attack-Agnostic Defense Against Targeted Training Set Attacks Using Cosine Similarity

• Data Poisoning Attacks Against Outcome Interpretations of Predictive Models

• BDDR: An Effective Defense Against Textual Backdoor Attacks

• Poisoning attacks and countermeasures in intelligent networks: status quo and prospects

• The Devil is in the GAN: Defending Deep Generative Models Against Backdoor Attacks

• BadEncoder: Backdoor Attacks to Pre-trainedEncoders in Self-Supervised Learning

• BadEncoder: Backdoor Attacks to Pre-trained Encoders in Self-Supervised Learning

• Can You Hear It? Backdoor Attacks via Ultrasonic Triggers

• Poisoning Attacks via Generative Adversarial Text to Image Synthesis

• Ant Hole: Data Poisoning Attack Breaking out the Boundary of Face Cluster

• Poison Ink: Robust and Invisible Backdoor Attack

• MT-MTD: Muti-Training based Moving Target Defense Trojaning Attack in Edged-AI network

• Text Backdoor Detection Using An Interpretable RNN Abstract Model

• Garbage in, Garbage out: Poisoning Attacks Disguised with Plausible Mobility in Data Aggregation

• Classification Auto-Encoder based Detector against Diverse Data Poisoning Attacks

• Poisoning Knowledge Graph Embeddings via Relation Inference Patterns

• Adversarial Training Time Attack Against Discriminative and Generative Convolutional Models

• Poisoning of Online Learning Filters: DDoS Attacks and Countermeasures

• Rethinking Stealthiness of Backdoor Attack against NLP Models

• Robust Learning for Data Poisoning Attacks

• SPECTRE: Defending Against Backdoor Attacks Using Robust Statistics

• Poisoning the Search Space in Neural Architecture Search

• Data Poisoning Won’t Save You From Facial Recognition

• Accumulative Poisoning Attacks on Real-time Data

• Backdoor Attack on Machine Learning Based Android Malware Detectors

• Understanding the Limits of Unsupervised Domain Adaptation via Data Poisoning

• Indirect Invisible Poisoning Attacks on Domain Adaptation

• Fight Fire with Fire: Towards Robust Recommender Systems via Adversarial Poisoning Training

• Putting words into the system’s mouth: A targeted attack on neural machine translation using monolingual data poisoning

• SUBNET REPLACEMENT: DEPLOYMENT-STAGE BACKDOOR ATTACK AGAINST DEEP NEURAL NETWORKS IN GRAY-BOX SETTING

• Spinning Sequence-to-Sequence Models with Meta-Backdoors

• Sleeper Agent: Scalable Hidden Trigger Backdoors for Neural Networks Trained from Scratch

• Poisoning and Backdooring Contrastive Learning

• AdvDoor: Adversarial Backdoor Attack of Deep Learning System

• Defending against Backdoor Attacks in Natural Language Generation

• De-Pois: An Attack-Agnostic Defense against Data Poisoning Attacks

• Poisoning MorphNet for Clean-Label Backdoor Attack to Point Clouds

• Provable Guarantees against Data Poisoning Using Self-Expansion and Compatibility

• MLDS: A Dataset for Weight-Space Analysis of Neural Networks

• Poisoning the Unlabeled Dataset of Semi-Supervised Learning

• Regularization Can Help Mitigate Poisioning Attacks. . . With The Right Hyperparameters

• Witches' Brew: Industrial Scale Data Poisoning via Gradient Matching

• Towards Robustness Against Natural Language Word Substitutions

• Concealed Data Poisoning Attacks on NLP Models

• Covert Channel Attack to Federated Learning Systems

• Backdoor Attacks Against Deep Learning Systems in the Physical World

• Backdoor Attacks on Self-Supervised Learning

• Transferable Environment Poisoning: Training-time Attack on Reinforcement Learning

• Investigation of a differential cryptanalysis inspired approach for Trojan AI detection

• Explanation-Guided Backdoor Poisoning Attacks Against Malware Classifiers

• Robust Backdoor Attacks against Deep Neural Networks in Real Physical World

• The Design and Development of a Game to Study Backdoor Poisoning Attacks: The Backdoor Game

• A Backdoor Attack against 3D Point Cloud Classifiers

• Explainability-based Backdoor Attacks Against Graph Neural Networks

• DeepSweep: An Evaluation Framework for Mitigating DNN Backdoor Attacks using Data Augmentation

• Rethinking the Backdoor Attacks' Triggers: A Frequency Perspective

• PointBA: Towards Backdoor Attacks in 3D Point Cloud

• Online Defense of Trojaned Models using Misattributions

• Be Careful about Poisoned Word Embeddings: Exploring the Vulnerability of the Embedding Layers in NLP Models

• SPECTRE: Defending Against Backdoor Attacks Using Robust Covariance Estimation

• Black-box Detection of Backdoor Attacks with Limited Information and Data

• TOP: Backdoor Detection in Neural Networks via Transferability of Perturbation

• T-Miner : A Generative Approach to Defend Against Trojan Attacks on DNN-based Text Classification

• Hidden Backdoor Attack against Semantic Segmentation Models

• What Doesn't Kill You Makes You Robust(er): Adversarial Training against Poisons and Backdoors

• Red Alarm for Pre-trained Models: Universal Vulnerabilities by Neuron-Level Backdoor Attacks

• Provable Defense Against Delusive Poisoning

• An Approach for Poisoning Attacks Against RNN-Based Cyber Anomaly Detection

• Backdoor Scanning for Deep Neural Networks through K-Arm Optimization

• TAD: Trigger Approximation based Black-box Trojan Detection for AI*

• WaNet - Imperceptible Warping-based Backdoor Attack

• Data Poisoning Attack on Deep Neural Network and Some Defense Methods

• Baseline Pruning-Based Approach to Trojan Detection in Neural Networks*

• Covert Model Poisoning Against Federated Learning: Algorithm Design and Optimization

• Property Inference from Poisoning

• TROJANZOO: Everything you ever wanted to know about neural backdoors (but were afraid to ask)

• A Master Key Backdoor for Universal Impersonation Attack against DNN-based Face Verification

• Detecting Universal Trigger's Adversarial Attack with Honeypot

• ONION: A Simple and Effective Defense Against Textual Backdoor Attacks

• Neural Attention Distillation: Erasing Backdoor Triggers from Deep Neural Networks

• Data Poisoning Attacks to Deep Learning Based Recommender Systems

• Backdoors hidden in facial features: a novel invisible backdoor attack against face recognition systems

• One-to-N & N-to-One: Two Advanced Backdoor Attacks against Deep Learning Models

• DeepPoison: Feature Transfer Based Stealthy Poisoning Attack

• Policy Teaching via Environment Poisoning:Training-time Adversarial Attacks against Reinforcement Learning

• Composite Backdoor Attack for Deep Neural Network by Mixing Existing Benign Features

• SPA: Stealthy Poisoning Attack

• Backdoor Attack with Sample-Specific Triggers

• Explainability Matters: Backdoor Attacks on Medical Imaging

• Escaping Backdoor Attack Detection of Deep Learning

• Just How Toxic is Data Poisoning? A Unified Benchmark for Backdoor and Data Poisoning Attacks

• Poisoning Attacks on Cyber Attack Detectors for Industrial Control Systems

• Fair Detection of Poisoning Attacks in Federated Learning

• Deep Feature Space Trojan Attack of Neural Networks by Controlled Detoxification*

• Stealthy Poisoning Attack on Certified Robustness

• Machine Learning with Electronic Health Records is vulnerable to Backdoor Trigger Attacks

• Data Security for Machine Learning: Data Poisoning, Backdoor Attacks, and Defenses

• Detection of Backdoors in Trained Classifiers Without Access to the Training Set

• TROJANZOO: Everything you ever wanted to know about neural backdoors(but were afraid to ask)

• HaS-Nets: A Heal and Select Mechanism to Defend DNNs Against Backdoor Attacks for Data Collection Scenarios

• DeepSweep: An Evaluation Framework for Mitigating DNN Backdoor Attacks using Data Augmentation

• Poison Attacks against Text Datasets with Conditional Adversarially Regularized Autoencoder

• Strong Data Augmentation Sanitizes Poisoning and Backdoor Attacks Without an Accuracy Tradeoff

• BaFFLe: Backdoor detection via Feedback-based Federated Learning

• Detecting Backdoors in Neural Networks Using Novel Feature-Based Anomaly Detection

• Mitigating Backdoor Attacks in Federated Learning

• FaceHack: Triggering backdoored facial recognition systems using facial characteristics

• Customizing Triggers with Concealed Data Poisoning

• Backdoor Learning: A Survey

• Rethinking the Trigger of Backdoor Attack

• AEGIS: Exposing Backdoors in Robust Machine Learning Models

• Weight Poisoning Attacks on Pre-trained Models

• Poisoned classifiers are not only backdoored, they are fundamentally broken

• Input-Aware Dynamic Backdoor Attack

• Reverse Engineering Imperceptible Backdoor Attacks on Deep Neural Networks for Detection and Training Set Cleansing

• BAAAN: Backdoor Attacks Against Autoencoder and GAN-Based Machine Learning Models

• Don’t Trigger Me! A Triggerless Backdoor Attack Against Deep Neural Networks

• Toward Robustness and Privacy in Federated Learning: Experimenting with Local and Central Differential Privacy

• CLEANN: Accelerated Trojan Shield for Embedded Neural Networks

• Witches’ Brew: Industrial Scale Data Poisoning via Gradient Matching

• Intrinsic Certified Robustness of Bagging against Data Poisoning Attacks

• Can Adversarial Weight Perturbations Inject Neural Backdoors?

• Trojaning Language Models for Fun and Profit

• Practical Detection of Trojan Neural Networks: Data-Limited and Data-Free Cases

• Class-Oriented Poisoning Attack

• Noise-response Analysis for Rapid Detection of Backdoors in Deep Neural Networks

• Cassandra: Detecting Trojaned Networks from Adversarial Perturbations

• Backdoor Learning: A Survey

• Backdoor Attacks and Countermeasures on Deep Learning: A Comprehensive Review

• Live Trojan Attacks on Deep Neural Networks

• Odyssey: Creation, Analysis and Detection of Trojan Models

• Data Poisoning Attacks Against Federated Learning Systems

• Blind Backdoors in Deep Learning Models

• Deep Learning Backdoors

• Attack of the Tails: Yes, You Really Can Backdoor Federated Learning

• Backdoor Attacks on Facial Recognition in the Physical World

• Graph Backdoor

• Backdoor Attacks to Graph Neural Networks

• You Autocomplete Me: Poisoning Vulnerabilities in Neural Code Completion

• Reflection Backdoor: A Natural Backdoor Attack on Deep Neural Networks

• Trembling triggers: exploring the sensitivity of backdoors in DNN-based face recognition

• Just How Toxic is Data Poisoning? A Unified Benchmark for Backdoor and Data Poisoning Attacks

• Adversarial Machine Learning -- Industry Perspectives

• ConFoc: Content-Focus Protection Against Trojan Attacks on Neural Networks

• Model-Targeted Poisoning Attacks: Provable Convergence and Certified Bounds

• Deep Partition Aggregation: Provable Defense against General Poisoning Attacks

• The TrojAI Software Framework: An OpenSource tool for Embedding Trojans into Deep Learning Models*

• Influence Function based Data Poisoning Attacks to Top-N Recommender Systems

• BadNL: Backdoor Attacks Against NLP Models

  Summary

• Neural Network Calculator for Designing Trojan Detectors*

• Dynamic Backdoor Attacks Against Machine Learning Models

• Vulnerabilities of Connectionist AI Applications: Evaluation and Defence

• Backdoor Attacks on Federated Meta-Learning

• Defending Support Vector Machines against Poisoning Attacks: the Hardness and Algorithm

• Backdoors in Neural Models of Source Code

• A new measure for overfitting and its implications for backdooring of deep learning

• An Embarrassingly Simple Approach for Trojan Attack in Deep Neural Networks

• MetaPoison: Practical General-purpose Clean-label Data Poisoning

• Backdooring and Poisoning Neural Networks with Image-Scaling Attacks

• Bullseye Polytope: A Scalable Clean-Label Poisoning Attack with Improved Transferability

• On the Effectiveness of Mitigating Data Poisoning Attacks with Gradient Shaping

• A Survey on Neural Trojans

• STRIP: A Defence Against Trojan Attacks on Deep Neural Networks

  Summary

• TrojDRL: Trojan Attacks on Deep Reinforcement Learning Agents

• Demon in the Variant: Statistical Analysis of DNNs for Robust Backdoor Contamination Detection

• Regula Sub-rosa: Latent Backdoor Attacks on Deep Neural Networks

• Februus: Input Purification Defense Against Trojan Attacks on Deep Neural Network Systems

• TBT: Targeted Neural Network Attack with Bit Trojan

• Bypassing Backdoor Detection Algorithms in Deep Learning

• A backdoor attack against LSTM-based text classification systems

• Invisible Backdoor Attacks Against Deep Neural Networks

• Detecting AI Trojans Using Meta Neural Analysis

• Label-Consistent Backdoor Attacks

• Detection of Backdoors in Trained Classifiers Without Access to the Training Set

• ABS: Scanning neural networks for back-doors by artificial brain stimulation

• NeuronInspect: Detecting Backdoors in Neural Networks via Output Explanations

• Universal Litmus Patterns: Revealing Backdoor Attacks in CNNs

• Programmable Neural Network Trojan for Pre-Trained Feature Extractor

• Demon in the Variant: Statistical Analysis of DNNs for Robust Backdoor Contamination Detection

• TamperNN: Efficient Tampering Detection of Deployed Neural Nets

• TABOR: A Highly Accurate Approach to Inspecting and Restoring Trojan Backdoors in AI Systems

• Design of intentional backdoors in sequential models

• Design and Evaluation of a Multi-Domain Trojan Detection Method on ins Neural Networks

• Poison as a Cure: Detecting & Neutralizing Variable-Sized Backdoor Attacks in Deep Neural Networks

• Data Poisoning Attacks on Stochastic Bandits

• Hidden Trigger Backdoor Attacks

• Deep Poisoning Functions: Towards Robust Privacy-safe Image Data Sharing

• A new Backdoor Attack in CNNs by training set corruption without label poisoning

• Deep k-NN Defense against Clean-label Data Poisoning Attacks

• Transferable Clean-Label Poisoning Attacks on Deep Neural Nets

• Revealing Backdoors, Post-Training, in DNN Classifiers via Novel Inference on Optimized Perturbations Inducing Group Misclassification

• Explaining Vulnerabilities to Adversarial Machine Learning through Visual Analytics

• Subpopulation Data Poisoning Attacks

• TensorClog: An imperceptible poisoning attack on deep neural network applications

• DeepInspect: A black-box trojan detection and mitigation framework for deep neural networks

• Resilience of Pruned Neural Network Against Poisoning Attack

• Spectrum Data Poisoning with Adversarial Deep Learning

• Neural cleanse: Identifying and mitigating backdoor attacks in neural networks

• SentiNet: Detecting Localized Universal Attacks Against Deep Learning Systems

  Summary

• PoTrojan: powerful neural-level trojan designs in deep learning models

• Hardware Trojan Attacks on Neural Networks

• Spectral Signatures in Backdoor Attacks

  Summary

• Defending Neural Backdoors via Generative Distribution Modeling

• Detecting Backdoor Attacks on Deep Neural Networks by Activation Clustering

  Summary

• Model-Reuse Attacks on Deep Learning Systems

• How To Backdoor Federated Learning

• Trojaning Attack on Neural Networks

• Poison Frogs! Targeted Clean-Label Poisoning Attacks on Neural Networks

  Summary

• Fine-Pruning: Defending Against Backdooring Attacks on Deep Neural Networks

  Summary

• Technical Report: When Does Machine Learning FAIL? Generalized Transferability for Evasion and Poisoning Attacks

• Backdoor Embedding in Convolutional Neural Network Models via Invisible Perturbation

• Hu-Fu: Hardware and Software Collaborative Attack Framework against Neural Networks

• Attack Strength vs. Detectability Dilemma in Adversarial Machine Learning

• Data Poisoning Attacks in Contextual Bandits

• BEBP: An Poisoning Method Against Machine Learning Based IDSs

• Generative Poisoning Attack Method Against Neural Networks

• BadNets: Identifying Vulnerabilities in the Machine Learning Model Supply Chain

  Summary

• Towards Poisoning of Deep Learning Algorithms with Back-gradient Optimization

• Targeted Backdoor Attacks on Deep Learning Systems Using Data Poisoning

• Neural Trojans

• Towards Poisoning of Deep Learning Algorithms with Back-gradient Optimization

• Certified defenses for data poisoning attacks

• Data Poisoning Attacks on Factorization-Based Collaborative Filtering

• Data poisoning attacks against autoregressive models

• Using machine teaching to identify optimal training-set attacks on machine learners

• Poisoning Attacks against Support Vector Machines

• Backdoor Attacks against Learning Systems

• Targeted Backdoor Attacks on Deep Learning Systems Using Data Poisoning

• Antidote: Understanding and defending against poisoning of anomaly detectors

⚔🛡 Awesome Backdoor Attacks and Defenses

This repository contains a collection of papers and resources on backdoor attacks and backdoor defense in deep learning.

Table of contents

• 📃Survey
• ⚔Backdoor Attacks
• Supervised learning (Image classification)
• Semi-supervised learning
• Self-supervised learning
• Federated learning
• Reinforcement Learning
• Other CV tasks (Object detection, segmentation, point cloud)
• Multimodal models (Visual and Language)
• Diffusion model
• Large language model & other NLP tasks
• Graph Neural Networks
• Theoretical analysis
• 🛡Backdoor Defenses
• Defense for supervised learning (Image classification)
  • Before-training (Preprocessing) stage
  • In-training stage
  • Post-training stage
  • Inference stage
• Defense for semi-supervised learning
• Defense for self-supervised learning
• Defense for reinforcement learning
• Defense for federated learning
• Defense for other CV tasks (Object detection, segmentation)
• Defense for multimodal models (Visual and Language)
• Defense for Large Language model & other NLP tasks
• Defense for diffusion models
• Defense for Graph Neural Networks
• Backdoor for social good
• Watermarking
• Explainable AI
• ⚙Benchmark and toolboxes

📃Survey

Year	Publication	Paper
2023	arXiv	Adversarial Machine Learning: A Systematic Survey of Backdoor Attack, Weight Attack and Adversarial Example
2022	TPAMI	Data Security for Machine Learning: Data Poisoning, Backdoor Attacks, and Defenses
2022	TNNLS	Backdoor Learning: A Survey
2022	IEEE Wireless Communications	Backdoor Attacks and Defenses in Federated Learning: State-of-the-art, Taxonomy, and Future Directions
2021	Neurocomputing	Defense against Neural Trojan Attacks: A Survey
2020	ISQED	A Survey on Neural Trojans

Tutorial & Workshop

Venue	Title
ICCV 2023	Backdoor Learning: Recent Advances and Future Trends
NeurIPS 2023	Backdoors in Deep Learning

⚔Backdoor Attacks

Supervised learning (Image classification)

Year	Publication	Paper	Code
2023	NeurIPS 2023	Label Poisoning is All You Need
2023	ICCV 2023	Computation and Data Efficient Backdoor Attacks
2023	arXiv	Boosting backdoor attack with a learnable poisoning sample selection strategy
2023	arXiv	Robust Backdoor Attack with Visible, Semantic, Sample-Specific, and Compatible Triggers
2023	CVPR 2023	Architectural Backdoors in Neural Networks
2023	CVPR 2023	Color Backdoor: A Robust Poisoning Attack in Color Space
2023	CVPR 2023	You Are Catching My Attention: Are Vision Transformers Bad Learners Under Backdoor Attacks?
2023	CVPR 2023	The Dark Side of Dynamic Routing Neural Networks: Towards Efficiency Backdoor Injection
2023	CVPR 2023	Backdoor Attacks Against Deep Image Compression via Adaptive Frequency Trigger
2023	ICLR 2023	Revisiting the Assumption of Latent Separability for Backdoor Defenses
2023	ICLR 2023	Few-shot Backdoor Attacks via Neural Tangent Kernels
2023	ICLR 2023	The Dark Side of AutoML: Towards Architectural Backdoor Search
2023	ICLR 2023	Clean-image Backdoor: Attacking Multi-label Models with Poisoned Labels Only
2022	AAAI 2022	Backdoor Attacks on the DNN Interpretation System
2022	AAAI 2022	Faster Algorithms for Weak Backdoors
2022	AAAI 2022	Finding Backdoors to Integer Programs: A Monte Carlo Tree Search Framework
2022	AAAI 2022	Hibernated Backdoor: A Mutual Information Empowered Backdoor Attack to Deep Neural Networks
2022	AAAI 2022	On Probabilistic Generalization of Backdoors in Boolean Satisfiability
2022	CCS 2022	Backdoor Attacks on Spiking NNs and Neuromorphic Datasets
2022	CCS 2022	LoneNeuron: A Highly-Effective Feature-Domain Neural Trojan Using Invisible and Polymorphic Watermarks
2022	CVPR 2022	BppAttack: Stealthy and Efficient Trojan Attacks against Deep Neural Networks via Image Quantization and Contrastive Adversarial Learning
2022	CVPR 2022	DEFEAT: Deep Hidden Feature Backdoor Attacks by Imperceptible Perturbation and Latent Representation Constraints
2022	CVPR 2022	FIBA: Frequency-Injection based Backdoor Attack in Medical Image Analysis
2022	CVPR 2022	Towards Practical Deployment-Stage Backdoor Attack on Deep Neural Networks.
2022	ECCV 2022	An Invisible Black-Box Backdoor Attack Through Frequency Domain
2022	ECCV 2022	RIBAC: Towards Robust and Imperceptible Backdoor Attack against Compact DNN
2022	EUROSP 2022	Dynamic Backdoor Attacks Against Machine Learning Models
2022	ICASSP 2022	Invisible and Efficient Backdoor Attacks for Compressed Deep Neural Networks
2022	ICASSP 2022	Stealthy Backdoor Attack with Adversarial Training
2022	ICASSP 2022	When Does Backdoor Attack Succeed in Image Reconstruction? A Study of Heuristics vs. Bi-Level Solution
2022	ICLR 2022	How to Inject Backdoors with Better Consistency: Logit Anchoring on Clean Data
2022	IJCAI 2022	Data-Efficient Backdoor Attacks
2022	IJCAI 2022	Imperceptible Backdoor Attack: From Input Space to Feature Representation
2022	MM 2022	BadHash: Invisible Backdoor Attacks against Deep Hashing with Clean Label
2022	NeurIPS 2022	Marksman Backdoor: Backdoor Attacks with Arbitrary Target Class
2022	NeurIPS 2022	Handcrafted Backdoors in Deep Neural Networks
2022	NeurIPS 2022	Sleeper Agent: Scalable Hidden Trigger Backdoors for Neural Networks Trained from Scratch
2022	TDSC 2022	One-to-N & N-to-One: Two Advanced Backdoor Attacks Against Deep Learning Models
2022	TIFS 2022	Dispersed Pixel Perturbation-Based Imperceptible Backdoor Trigger for Image Classifier Models
2022	TIFS 2022	Stealthy Backdoors as Compression Artifacts
2022	TIP 2022	Poison Ink: Robust and Invisible Backdoor Attack
2021	AAAI 2021	Backdoor Decomposable Monotone Circuits and Propagation Complete Encodings
2021	AAAI 2021	Deep Feature Space Trojan Attack of Neural Networks by Controlled Detoxification
2021	CVPR 2021	Backdoor Attacks Against Deep Learning Systems in the Physical World
2021	ICCV 2021	CLEAR: Clean-up Sample-Targeted Backdoor in Neural Networks
2021	ICCV 2021	Invisible Backdoor Attack with Sample-Specific Triggers
2021	ICCV 2021	LIRA: Learnable, Imperceptible and Robust Backdoor Attacks
2021	ICCV 2021	Rethinking the Backdoor Attacks' Triggers: A Frequency Perspective
2021	ICLR 2021	WaNet - Imperceptible Warping-based Backdoor Attack
2021	ICML 2021	Just How Toxic is Data Poisoning? A Unified Benchmark for Backdoor and Data Poisoning Attacks
2021	IJCAI 2021	Backdoor DNFs
2021	NeurIPS 2021	Backdoor Attack with Imperceptible Input and Latent Modification
2021	NeurIPS 2021	Excess Capacity and Backdoor Poisoning
2021	TDSC 2021	Invisible Backdoor Attacks on Deep Neural Networks Via Steganography and Regularization
2021	USS 2021	Blind Backdoors in Deep Learning Models
2020	AAAI 2020	Hidden Trigger Backdoor Attacks
2020	CCS 2020	Composite Backdoor Attack for Deep Neural Network by Mixing Existing Benign Features
2020	CIKM 2020	Can Adversarial Weight Perturbations Inject Neural Backdoors
2020	CVPR 2020	Clean-Label Backdoor Attacks on Video Recognition Models
2020	ECCV 2020	Reflection Backdoor: A Natural Backdoor Attack on Deep Neural Networks
2020	KDD 2020	An Embarrassingly Simple Approach for Trojan Attack in Deep Neural Networks
2020	MM 2020	GangSweep: Sweep out Neural Backdoors by GAN
2020	NeurIPS 2020	Input-Aware Dynamic Backdoor Attack
2020	NeurIPS 2020	On the Trade-off between Adversarial and Backdoor Robustness
2019	CCS 2019	Latent Backdoor Attacks on Deep Neural Networks
2018	NDSS 2018	Trojaning Attack on Neural Networks

Semi-supervised learning

Year	Publication	Paper	Code
2023	ICCV 2023	The Perils of Learning From Unlabeled Data: Backdoor Attacks on Semi-supervised Learning
2023	ICML 2023	Chameleon: Adapting to Peer Images for Planting Durable Backdoors in Federated Learning
2021	AAAI 2021	DeHiB: Deep Hidden Backdoor Attack on Semi-supervised Learning via Adversarial Perturbation
2021	TIFS 2021	Deep Neural Backdoor in Semi-Supervised Learning: Threats and Countermeasures

Self-supervised learning

Year	Publication	Paper	Code
2023	ICCV 2023	An Embarrassingly Simple Backdoor Attack on Self-supervised Learning
2022	CVPR2022	Backdoor Attacks on Self-Supervised Learning

Federated learning

Year	Publication	Paper	Code
2023	NeurIPS 2023	IBA: Towards Irreversible Backdoor Attacks in Federated Learning
2023	NeurIPS 2023	A3FL: Adversarially Adaptive Backdoor Attacks to Federated Learning
2023	SIGIR 2023	Manipulating Federated Recommender Systems: Poisoning with Synthetic Users and Its Countermeasures
2022	ICML2022	Neurotoxin: Durable Backdoors in Federated Learning
2020	AISTATS 2020	How To Backdoor Federated Learning
2020	ICLR 2020	DBA: Distributed Backdoor Attacks against Federated Learning
2020	NeurIPS 2020	Attack of the Tails: Yes, You Really Can Backdoor Federated Learning
2022	USS 2022	FLAME: Taming Backdoors in Federated Learning

Reinforcement Learning

Year	Publication	Paper	Code
2021	IJCAI 2021	BACKDOORL: Backdoor Attack against Competitive Reinforcement Learning

Other CV tasks (Object detection, segmentation, point cloud)

Year	Publication	Paper	Code
2023	NeurIPS 2023	BadTrack: A Poison-Only Backdoor Attack on Visual Object Tracking
2022	ICLR 2022	Few-Shot Backdoor Attacks on Visual Object Tracking
2022	MM 2022	Backdoor Attacks on Crowd Counting
2021	ICCV 2021	A Backdoor Attack against 3D Point Cloud Classifiers
2021	ICCV 2021	PointBA: Towards Backdoor Attacks in 3D Point Cloud

Multimodal models (Visual and Language)

Year	Publication	Paper	Code
2024	IEEE SP	Backdooring Multimodal Learning
2022	CVPR2022	Dual-Key Multimodal Backdoors for Visual Question Answering
2022	ICASSP 2022	Object-Oriented Backdoor Attack Against Image Captioning
2022	ICLR 2022	Poisoning and Backdooring Contrastive Learning

Diffusion model

Year	Publication	Paper	Code
2023	NeurIPS 2023	VillanDiffusion: A Unified Backdoor Attack Framework for Diffusion Models
2023	ICCV 2023	Rickrolling the Artist: Injecting Backdoors into Text Encoders for Text-to-Image Synthesis
2023	CVPR 2023	How to Backdoor Diffusion Models?
2023	CVPR 2023	TrojDiff: Trojan Attacks on Diffusion Models with Diverse Targets

Large language model & other NLP tasks

Year	Publication	Paper	Code
2023	NeurIPS 2023	TrojPrompt: A Black-box Trojan Attack on Pre-trained Language Models
2023	ICML 2023	Poisoning Language Models During Instruction Tuning
2023	ICLR 2023	TrojText: Test-time Invisible Textual Trojan Insertion
2023	NDSS 2023	BadGPT: Exploring Security Vulnerabilities of ChatGPT via Backdoor Attacks to InstructGPT
2022	ICLR 2022	BadPre: Task-agnostic Backdoor Attacks to Pre-trained NLP Foundation Models
2022	IJCAI 2022	PPT: Backdoor Attacks on Pre-trained Models via Poisoned Prompt Tuning
2022	MM 2022	Opportunistic Backdoor Attacks: Exploring Human-imperceptible Vulnerabilities on Speech Recognition Systems
2022	NeurIPS 2022	BadPrompt: Backdoor Attacks on Continuous Prompts
2022	USS 2022	Hidden Trigger Backdoor Attack on NLP Models via Linguistic Style Manipulation
2021	ACL 2021	Hidden Killer: Invisible Textual Backdoor Attacks with Syntactic Trigger
2021	ACL 2021	Rethinking Stealthiness of Backdoor Attack against NLP Models
2021	ACL 2021	Turn the Combination Lock: Learnable Textual Backdoor Attacks via Word Substitution
2021	CCS 2021	Backdoor Pre-trained Models Can Transfer to All
2021	CCS 2021	Hidden Backdoors in Human-Centric Language Models
2021	EMNLP 2021	Backdoor Attacks on Pre-trained Models by Layerwise Weight Poisoning
2021	EMNLP 2021	Mind the Style of Text! Adversarial and Backdoor Attacks Based on Text Style Transfer
2021	EUROSP 2021	Trojaning Language Models for Fun and Profit
2021	ICASSP 2021	Backdoor Attack Against Speaker Verification

Graph Neural Networks

Year	Publication	Paper	Code
2022	CCS 2022	Clean-label Backdoor Attack on Graph Neural Networks
2022	ICMR 2022	Camouflaged Poisoning Attack on Graph Neural Networks
2022	RAID 2022	Transferable Graph Backdoor Attack
2021	SACMAT 2021	Backdoor Attacks to Graph Neural Networks
2021	USS 2021	Graph Backdoor
2021	WiseML 2021	Explainability-based Backdoor Attacks Against Graph Neural Network

Theoretical analysis

Year	Publication	Paper	Code
2020	NeurIPS 2020	On the Trade-off between Adversarial and Backdoor Robustness

🛡Backdoor Defenses

Defense for supervised learning (Image classification)

Before-training (Preprocessing) stage

Year	Publication	Paper	Code
2023	ICCV 2023	Beating Backdoor Attack at Its Own Game
2023	USENIX Security 2023	Towards A Proactive ML Approach for Detecting Backdoor Poison Samples
2023	USENIX Security 2023	ASSET: Robust Backdoor Data Detection Across a Multiplicity of Deep Learning Paradigms
2023	USENIX Security 2023	How to Sift Out a Clean Data Subset in the Presence of Data Poisoning?
2023	ICLR 2023	Towards Robustness Certification Against Universal Perturbations
2021	ICML 2021	SPECTRE: Defending Against Backdoor Attacks Using Robust Statistics
2021	USENIX Security 2021	Demon in the Variant: Statistical Analysis of DNNs for Robust Backdoor Contamination Detection
2020	ICLR 2020	Robust anomaly detection and backdoor attack detection via differential privacy
2019	IEEE SP	Neural Cleanse: Identifying and Mitigating Backdoor Attacks in Neural Networks
2018		Detecting Backdoor Attacks on Deep Neural Networks by Activation Clustering
2018	NeurIPS 2018	Spectral Signatures in Backdoor Attacks

In-training stage

Year	Publication	Paper	Code
2023	CVPR 2023	Backdoor Defense via Adaptively Splitting Poisoned Dataset
2023	CVPR 2023	Backdoor Defense via Deconfounded Representation Learning
2023	IEEE SP	RAB: Provable Robustness Against Backdoor Attacks
2023	ICLR 2023	Towards Robustness Certification Against Universal Perturbations
2022	ICLR 2022	Backdoor defense via decoupling the training process
2022	NeurIPS 2022	Effective Backdoor Defense by Exploiting Sensitivity of Poisoned Samples
2022	AAAI 2022	Certified Robustness of Nearest Neighbors against Data Poisoning and Backdoor Attacks
2021	NeurIPS 2021	Anti-Backdoor Learning: Training Clean Models on Poisoned Data
2021	AAAI 2021	Intrinsic Certified Robustness of Bagging against Data Poisoning Attacks
2022	NeurIPS 2022	BagFlip: A Certified Defense against Data Poisoning

Post-training stage

Year	Publication	Paper	Category	Code
2024	IEEE SP	MM-BD: Post-Training Detection of Backdoor Attacks with Arbitrary Backdoor Pattern Types Using a Maximum Margin Statistic	Detection
2023	NeurIPS 2023	Neural Polarizer: A Lightweight and Effective Backdoor Defense via Purifying Poisoned Features	Mitigation
2023	NeurIPS 2023	Shared Adversarial Unlearning: Backdoor Mitigation by Unlearning Shared Adversarial Examples	Mitigation
2023	NeurIPS 2023	Stable Backdoor Purification with Feature Shift Tuning	Mitigation
2023	NeurIPS 2023	CBD: A Certified Backdoor Detector Based on Local Dominant Probability
2023	ICCV 2023	Enhancing Fine-Tuning Based Backdoor Defense with Sharpness-Aware Minimization	Mitigation
2023	CVPR 2023	Backdoor Cleansing with Unlabeled Data	Mitigation
2023	CVPR 2023	MEDIC: Remove Model Backdoors via Importance Driven Cloning	Mitigation
2023	CVPR 2023	Progressive Backdoor Erasing via connecting Backdoor and Adversarial Attacks	Mitigation
2023	CVPR 2023	Single Image Backdoor Inversion via Robust Smoothed Classifiers	Inversion
2023	ICLR 2023	UNICORN: A Unified Backdoor Trigger Inversion Framework	Inversion
2023	ICLR 2023	Incompatibility Clustering as a Defense Against Backdoor Poisoning Attacks	Mitigation
2023	ICASSP 2023	Backdoor Defense via Suppressing Model Shortcuts	Mitigation
2022	ICLR 2022	Adversarial Unlearning of Backdoors via Implicit Hypergradient	Mitigation
2022	ICLR 2022	Trigger Hunting with a Topological Prior for Trojan Detection	Detection	:octocat:
2022	ICLR 2022	AEVA: Black-box Backdoor Detection Using Adversarial Extreme Value Analysis	Detection
2022	ICLR 2022	Post-Training Detection of Backdoor Attacks for Two-Class and Multi-Attack Scenarios	Detection
2022	NeruIPS 2022	Pre-activation Distributions Expose Backdoor Neurons	Mitigation
2022	NeruIPS 2022	One-shot Neural Backdoor Erasing via Adversarial Weight Masking	Mitigation
2022	NeruIPS 2022	Randomized channel shuffling: Minimal-overhead backdoor attack detection without clean datasets	Detection
2022	MM 2022	Purifier: Plug-and-play Backdoor Mitigation for Pre-trained Models Via Anomaly Activation Suppression	Mitigation
2022	IJCAI 2022	Eliminating Backdoor Triggers for Deep Neural Networks Using Attention Relation Graph Distillation	Mitigation
2022	ECCV 2022	Data-free backdoor removal based on channel lipschitzness	Mitigation
2022	CVPR 2022	Few-Shot Backdoor Defense Using Shapley Estimation	Mitigation
2022	CVPR 2022	Better Trigger Inversion Optimization in Backdoor Scanning	Inversion
2022	CVPR 2022	Complex Backdoor Detection by Symmetric Feature Differencing	Detection
2022	INFOCOM 2022	Backdoor Defense with Machine Unlearning	Mitigation
2022	TNNLS 2022	Critical Path-Based Backdoor Detection for Deep Neural Networks	Detection
2021	IEEE SP	Detecting AI Trojans Using Meta Neural Analysis	Detection
2021	NeurIPS 2021	Adversarial Neuron Pruning Purifies Backdoored Deep Models	Mitigation
2021	NeurIPS 2021	Topological Detection of Trojaned Neural Networks	Detection
2021	ICLR 2021	Neural Attention Distillation: Erasing Backdoor Triggers from Deep Neural Networks	Mitigation
2021	TIFS	Odyssey: Creation, Analysis and Detection of Trojan Models	Detection
2020	ICLR 2020	Bridging Mode Connectivity in Loss Landscapes and Adversarial Robustness	Mitigation
2020	MM 2020	Gangsweep: Sweep out neural backdoors by gan	Mitigation
2020	ICDM 2020	Towards Inspecting and Eliminating Trojan Backdoors in Deep Neural Networks	Mitigation
2019	NeurIPS 2019	Defending Neural Backdoors via Generative Distribution Modeling	Mitigation
2019	CCS 2019	Abs: Scanning neural networks for backdoors by artificial brain stimulation	Detection
2019	IEEE SP	Neural cleanse: Identifying and mitigating backdoor attacks in neural networks	Mitigation
2019	IJCAI 2019	DeepInspect: A Black-box Trojan Detection and Mitigation Framework for Deep Neural Networks	Detection+Mitigation
2018	RAID 2018	Fine-pruning: Defending against backdooring attacks on deep neural networks	Mitigation

Inference stage

Year	Publication	Paper	Code
2024	IEEE S&P 2024	Robust Backdoor Detection for Deep Learning via Topological Evolution Dynamics
2023	arXiv	VDC: Versatile Data Cleanser for Detecting Dirty Samples via Visual-Linguistic Inconsistency
2023	NeurIPS 2023	Black-box Backdoor Defense via Zero-shot Image Purification
2023	NeurIPS 2023	A Unified Framework for Inference-Stage Backdoor Defenses
2023	ICLR 2023	SCALE-UP: An Efficient Black-box Input-level Backdoor Detection via Analyzing Scaled Prediction Consistency
2023	CVPR 2023	Detecting Backdoors During the Inference Stage Based on Corruption Robustness Consistency
2023	CVPR 2023	Don’t FREAK Out: A Frequency-Inspired Approach to Detecting Backdoor Poisoned Samples in DNNs
2023	NDSS 2023	The “Beatrix” Resurrections: Robust Backdoor Detection via Gram Matrices
2023	IJCAI 2023	Orion: Online Backdoor Sample Detection via Evolution Deviance
2021	ICCV 2021	Rethinking the backdoor attacks’ triggers: A frequency perspective
2020	IEEE SP	SentiNet: Detecting Localized Universal Attacks Against Deep Learning Systems
2019	ACSAC 2019	STRIP: A Defence Against Trojan Attacks on Deep Neural Networks

Defense for semi-supervised learning

Year	Publication	Paper	Code

Defense for self-supervised learning

Year	Publication	Paper	Code
2023	CVPR 2023	Detecting Backdoors in Pre-trained Encoders
2023	CVPR 2023	Defending Against Patch-based Backdoor Attacks on Self-Supervised Learning

Defense for reinforcement learning

Year	Publication	Paper	Code
2023	NeurIPS 2023	BIRD: Generalizable Backdoor Detection and Removal for Deep Reinforcement Learning
2023	ICCV 2023	PolicyCleanse: Backdoor Detection and Mitigation for Competitive Reinforcement Learning

Defense for federated learning

Year	Publication	Paper	Code
2023	NeurIPS 2023	Theoretically Modeling Client Data Divergence for Federated Natural Language Backdoor Defense
2023	NeurIPS 2023	FedGame: A Game-Theoretic Defense against Backdoor Attacks in Federated Learning
2023	NeurIPS 2023	Lockdown: Backdoor Defense for Federated Learning with Isolated Subspace Training
2023	ICCV 2023	Multi-Metrics Adaptively Identifies Backdoors in Federated Learning
2023	ICLR 2023	FLIP: A Provable Defense Framework for Backdoor Mitigation in Federated Learning

Defense for other CV tasks (Object detection, segmentation)

Year	Publication	Paper	Code
2023	NeurIPS 2023	Django: Detecting Trojans in Object Detection Models via Gaussian Focus Calibration

Defense for multimodal models (Visual and Language)

Year	Publication	Paper	Code
2023	NeurIPS 2023	Robust Contrastive Language-Image Pretraining against Data Poisoning and Backdoor Attacks
2023	ICCV 2023	CleanCLIP: Mitigating Data Poisoning Attacks in Multimodal Contrastive Learning
2023	ICCV 2023	TIJO: Trigger Inversion with Joint Optimization for Defending Multimodal Backdoored Models
2023	CVPR 2023	Detecting Backdoors in Pre-trained Encoders

Defense for Large Language model & other NLP tasks

Year	Publication	Paper	Code
2023	NeurIPS 2023	Setting the Trap: Capturing and Defeating Backdoor Threats in PLMs through Honeypots
2023	NeurIPS 2023	Defending Pre-trained Language Models as Few-shot Learners against Backdoor Attacks
2023	NeurIPS 2023	Theoretically Modeling Client Data Divergence for Federated Natural Language Backdoor Defense
2023	ACL 2023	Defending against Insertion-based Textual Backdoor Attacks via Attribution
2023	ACL 2023	Diffusion Theory as a Scalpel: Detecting and Purifying Poisonous Dimensions in Pre-trained Language Models Caused by Backdoor or Bias

Defense for diffusion models

Year	Publication	Paper	Code

Defense for Graph Neural Networks

Year	Publication	Paper	Code

Backdoor for social good

Watermarking

Year	Publication	Paper	Code
2022	IJCAI2022	Membership Inference via Backdooring
2022	NeurIPS 2022	Untargeted Backdoor Watermark: Towards Harmless and Stealthy Dataset Copyright Protection
2018	USS 2018	Turning Your Weakness Into a Strength: Watermarking Deep Neural Networks by Backdooring

Explainable AI

Year	Publication	Paper	Code
2021	KDD 2021	What Do You See?: Evaluation of Explainable Artificial Intelligence (XAI) Interpretability through Neural Backdoors

⚙Benchmark and toolboxes

Name	Publication	Paper	Code
BackdoorBench	NeurIPS 2022	BackdoorBench: A Comprehensive Benchmark of Backdoor Learning
OpenBackdoor	NeurIPS 2022	A Unified Evaluation of Textual Backdoor Learning: Frameworks and Benchmarks
TrojanZoo	EuroS&P 2022	TrojanZoo: Towards Unified, Holistic, and Practical Evaluation of Neural Backdoors
BackdoorBox		BackdoorBox: An Open-sourced Python Toolbox for Backdoor Attacks and Defenses
BackdoorToolbox

Site Views: Visitors: