Test Time Defense

Test-time defense aims to enhance the robustness of machine learning models, particularly deep neural networks, against adversarial attacks and backdoors encountered during inference, without retraining the model. Current research focuses on developing efficient and effective methods, including those leveraging interpretability, spectral projections, and masked autoencoders, to detect and mitigate these threats in a computationally inexpensive manner, even for black-box models like large language models. These advancements are crucial for deploying reliable AI systems in real-world applications where retraining is impractical or impossible, improving the security and trustworthiness of AI. However, recent evaluations highlight the need for rigorous benchmarking and careful consideration of the trade-off between robustness and computational cost.

Papers

October 28, 2024

FATH: Authentication-based Test-time Defense against Indirect Prompt Injection Attacks
Jiongxiao Wang, Fangzhou Wu, Wendi Li, Jinsheng Pan, Edward Suh, Z. Morley Mao, Muhao Chen, Chaowei Xiao
Prompt Injection Attack Hash Code Injection Attack Test Time Defense

September 23, 2024

Interpretability-Guided Test-Time Adversarial Defense
Akshay Kulkarni, Tsui-Wei Weng
Neuron Level Test Time Adversarial Test Time Defense

November 16, 2023

Test-time Backdoor Mitigation for Black-Box Large Language Models with Defensive Demonstrations
Wenjie Mo, Jiashu Xu, Qin Liu, Jiongxiao Wang, Jun Yan, Chaowei Xiao, Muhao Chen
Noisy Demonstration Backdoor Defense Black Box Large Language Model Training Time Attack Instruction Backdoor Attack Test Time Defense

July 21, 2023

Robust Feature Inference: A Test-time Defense Strategy using Spectral Projections
Anurag Singh, Mahalakshmi Sabanayagam, Krikamol Muandet, Debarghya Ghoshdastidar
Adversarial Attack Adversarial Example Test Time Defense

March 22, 2023

Test-time Detection and Repair of Adversarial Samples via Masked Autoencoder
Yun-Yun Tsai, Ju-Chin Chao, Albert Wen, Zhaoyuan Yang, Chengzhi Mao, Tapan Shah, Junfeng Yang
Adversarial Attack Adversarial Training Adversarial Sample Masked AutoEncoder Third Position Repair Training Time Attack Test Time Defense

January 27, 2023

PECAN: A Deterministic Certified Defense Against Backdoor Attacks
Yuhao Zhang, Aws Albarghouthi, Loris D'Antoni
Backdoor Attack Backdoor Poisoning Attack Content Addressable Memory Certified Defense Test Time Defense

February 28, 2022

Evaluating the Adversarial Robustness of Adaptive Test-time Defenses
Francesco Croce, Sven Gowal, Thomas Brunner, Evan Shelhamer, Matthias Hein, Taylan Cemgil
Adversarial Robustness Adaptive Defense Test Time Defense