Research Article
DeepDefense: A Steganalysis-Based Backdoor Detecting and Mitigating Protocol in Deep Neural Networks for AI Security
Algorithm 1
Backdoor detection and removal.
| | Input: A clean sample , a training set , a backdoored DNN model . | | | Output: A clean DNN model . | | (1) | Initialize , , and detector . | | (2) | //step 1: generate poisoned-clean pair samples. | | (3) | set , where generate poisoned sample; | | (4) | set ; | | (5) | //step 2: Train detector. | | (6) | set , learning rate ; | | (7) | fordo | | (8) | fordo | | (9) | Update of detector D with stochastic gradient descent; | | (10) | ; | | (11) | ; | | (12) | //step 3: detect poisoned samples in training set. | | (13) | set ; | | (14) | fordo | | (15) | // indicates the inference result of detector D | | (16) | whiledo | | (17) | ifthen | | (18) | , where ; | | (19) | ; | | (20) | break; | | (21) | //step 4: Backdoor unlearning. | | (22) | input into and update model by using equation (5); | | (23) | return the clean model . |
|
