Core Concepts
Off-the-shelf diffusion models can sanitize a training set before training, cutting the success rate of clean-label poisoning attacks substantially.
Abstract
Introduction of certified defense against clean-label poisoning attacks.
Comparison with existing countermeasures and demonstration of defense effectiveness.
Evaluation of defense strategies to improve model utility while maintaining robustness.
Discussion on the gap between certified accuracy and practical attack accuracy.
Encouragement for future work to develop stronger clean-label attacks and include the defense as a baseline.
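The sanitization pipeline and the two numbers the page reports, as an added example; this is not the paper's code. It uses the standard DDPM forward process (linear variance schedule, x_t = sqrt(abar_t) x_0 + sqrt(1 - abar_t) eps). Picking the timestep by matching the forward-process noise to a target sigma is assumed from common denoised-smoothing practice, not stated on the page. The denoiser is a caller-supplied callable standing in for a pretrained diffusion model (none is bundled), and the demo data and predictions are constructed here.

```python
import numpy as np

# Added example (not from the paper). Demonstrates: (1) forward noising a
# training set to a chosen diffusion timestep before handing it to a denoiser,
# (2) how much of a bounded poison perturbation survives that noising, and
# (3) the evaluation metrics the summary quotes: attack success rate and
# clean accuracy. The denoiser is an assumption supplied by the caller.


def linear_beta_schedule(T=1000, beta_start=1e-4, beta_end=0.02):
    """Standard DDPM linear variance schedule."""
    return np.linspace(beta_start, beta_end, T)


def alpha_bar(betas):
    """abar_t = prod_{s<=t}(1 - beta_s): fraction of signal retained at step t."""
    return np.cumprod(1.0 - betas)


def noise_scale(abar, t):
    """Equivalent Gaussian sigma on the unscaled image at step t:
    x_t / sqrt(abar_t) = x_0 + sqrt((1 - abar_t) / abar_t) * eps."""
    return float(np.sqrt((1.0 - abar[t]) / abar[t]))


def pick_timestep(abar, sigma):
    """Smallest t whose forward-process noise is at least the requested sigma
    (assumed mapping, as used in diffusion-based denoised smoothing)."""
    sigmas = np.sqrt((1.0 - abar) / abar)
    idx = np.flatnonzero(sigmas >= sigma)
    if idx.size == 0:
        raise ValueError("sigma exceeds the schedule's maximum noise level")
    return int(idx[0])


def forward_diffuse(x0, t, abar, rng):
    """Sample x_t ~ q(x_t | x_0) = N(sqrt(abar_t) x_0, (1 - abar_t) I)."""
    eps = rng.standard_normal(x0.shape)
    return np.sqrt(abar[t]) * x0 + np.sqrt(1.0 - abar[t]) * eps


def sanitize_dataset(X, t, abar, denoiser, rng):
    """Noise every training image to step t, then call denoiser(x_t, t), which
    must return an estimate of x_0. A poison perturbation delta in X is scaled
    to sqrt(abar_t) * delta while Gaussian noise of std sqrt(1 - abar_t) is
    added on top, so the denoiser sees mostly noise where the poison was."""
    Xt = forward_diffuse(X, t, abar, rng)
    return denoiser(Xt, t)


def perturbation_to_noise_ratio(delta_l2, dim, t, abar):
    """Surviving poison energy sqrt(abar_t) * ||delta||_2 over the expected
    noise norm sqrt(1 - abar_t) * sqrt(dim). Decreases monotonically in t."""
    return float(np.sqrt(abar[t]) * delta_l2 / (np.sqrt(1.0 - abar[t]) * np.sqrt(dim)))


def attack_success_rate(pred_on_targets, adversarial_label):
    """Fraction of the attacker's target inputs classified as the chosen label."""
    pred = np.asarray(pred_on_targets)
    return float(np.mean(pred == adversarial_label))


def clean_accuracy(pred, labels):
    """Accuracy on an unpoisoned test set; compare before/after sanitization."""
    pred, labels = np.asarray(pred), np.asarray(labels)
    return float(np.mean(pred == labels))


if __name__ == "__main__":
    rng = np.random.default_rng(0)
    abar = alpha_bar(linear_beta_schedule())
    t_star = pick_timestep(abar, sigma=0.25)
    # Constructed CIFAR-shaped batch and an 8/255 L-inf poison budget.
    X = rng.uniform(0.0, 1.0, size=(4, 3, 32, 32))
    dim = 3 * 32 * 32
    delta_l2 = (8.0 / 255.0) * np.sqrt(dim)  # worst-case L2 of an 8/255 L-inf poison
    print("t* =", t_star, "sigma =", round(noise_scale(abar, t_star), 4))
    print("poison/noise ratio at t* =", round(perturbation_to_noise_ratio(delta_l2, dim, t_star, abar), 4))
    # Placeholder denoiser (assumption): undo the signal scaling only. A real
    # deployment plugs in a pretrained diffusion model here.
    placeholder = lambda xt, t: xt / np.sqrt(abar[t])
    X_clean = sanitize_dataset(X, t_star, abar, placeholder, rng)
    print("sanitized shape:", X_clean.shape)
```

Run it as a script to see the selected timestep and the ratio of surviving poison energy to injected noise; the denoiser hook is where a real diffusion model goes.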
Stats
Reduces the attack success rate to 0%.
Reduces the attack success rate to between 2% and 16%.
Almost no drop in clean accuracy.
Quotes
"Existing poisoning defenses fall into two categories: certified and heuristic."
"Our results highlight the need for future work on developing stronger clean-label attacks."