Research Article
DeepDefense: A Steganalysis-Based Backdoor Detecting and Mitigating Protocol in Deep Neural Networks for AI Security
Table 6
Effectiveness performance comparison of defensing protocols under different backdoor attacks.
| | Dataset | Attack type | FP [15] | ABL [19] | Ours | | ASR % | CA % | ASR % | CA % | ASR % | CA % |
| | CIFAR10 | None Attack | 0.00 | 91.88 | 0.00 | 92.75 | 0.00 | 93.79 | | BadNets | 99.81 | 90.37 | 0.42 | 93.14 | 0.21 | 90.54 | | Blend Attack | 100.00 | 93.43 | 0.48 | 76.56 | 0.15 | 60.43 | | SSBA | 99.90 | 93.09 | 0.50 | 93.17 | 0.43 | 90.81 |
| | VGGFACE2 subset | None Attack | 0.00 | 72.62 | 0.00 | 82.96 | 0.00 | 86.73 | | BadNets | 11.79 | 77.26 | 0.00 | 14.90 | 0.32 | 83.36 | | Blend Attack | 14.89 | 71.46 | 0.00 | 9.72 | 0.46 | 78.67 | | SSBA | 11.47 | 72.23 | 0.00 | 7.97 | 0.17 | 84.27 |
|
|
For different attacks, bold values represents the best defense effect among the three defense schemes.
|
