Paper ID: 2411.09540

Prompting the Unseen: Detecting Hidden Backdoors in Black-Box Models

Zi-Xuan Huang, Jia-Wei Chen, Zhi-Peng Zhang, Chia-Mu Yu

Visual prompting (VP) is a new technique that adapts well-trained frozen models for source domain tasks to target domain tasks. This study examines VP's benefits for black-box model-level backdoor detection. The visual prompt in VP maps class subspaces between source and target domains. We identify a misalignment, termed class subspace inconsistency, between clean and poisoned datasets. Based on this, we introduce \textsc{BProm}, a black-box model-level detection method to identify backdoors in suspicious models, if any. \textsc{BProm} leverages the low classification accuracy of prompted models when backdoors are present. Extensive experiments confirm \textsc{BProm}'s effectiveness.

Submitted: Nov 14, 2024

Topics

Backdoor Attack
Black Box
Black Box Model
Visual Prompting
Domain Specific Task
Unseen Video
Hidden Backdoor

Links

arXiv PDF