In recent years, a powerful machine learning paradigm called Self-Supervised Learning (SSL) has emerged, allowing models to learn from vast amounts of unlabeled data. However, this approach is vulnerable to backdoor attacks, where an attacker can inject malicious code into SSL models by manipulating a small number of training samples. To address this issue, researchers examined the effectiveness of different cluster counts in detecting poisonous triggers in SSL models.
The study varied the k-means cluster count (l) from 100 to 2000 and observed that increasing l can detect more poisonous images, but total processing time consistently increases as well. The optimal value of l was determined by balancing performance and time costs. The findings demonstrate the importance of selecting an appropriate cluster count to prevent backdoor attacks in SSL models.
To illustrate this concept, imagine a treasure chest filled with unlabeled data. Just as we wouldn’t want any unwanted objects inside the chest, we don’t want malicious code in our SSL models. By adjusting the number of clusters (l), we can effectively detect poisonous images and keep our models safe from backdoor attacks.
Furthermore, the study showed that increasing l also increases the average processing time per image, highlighting the trade-off between performance and time costs. In summary, choosing an appropriate value for l is crucial to prevent backdoor attacks in SSL models while balancing performance and time costs.
Computer Science, Computer Vision and Pattern Recognition