关键词: 后门模型净化, 靶向解毒, 动态定位, 前置激活, 禁忌搜索

Abstract: Abstract: Backdoor attacks on Deep Neural Networks (DNN) severely compromise the trustworthiness of model decisions. Existing defense methods relying on one-time pruning or global fine-tuning often lead to significant degradation in clean accuracy. To address this, a dynamic targeted recovery method for backdoor model purification was proposed. First, pre-activation was utilized to characterize neuron behavior, enabling the localization of poisoned neurons with abnormal activity. During model purification, targeted recovery was implemented by fine-tuning only the located poisoned neurons, avoiding disturbances to clean neurons and maintaining clean accuracy effectively. Second, allowing dynamic localization of poisoned neurons, neuron behavior was monitored to obtain feedback on the purification process. A tabu search strategy was introduced to exclude interference from stubborn neurons with minimal contribution to purification, accelerating convergence. Experiments on 3 benchmark datasets against 6 backdoor attacks including BadNets (Backdoored Neural Network) showed that the proposed method reduced the average ASR (attack success rate) to 0.21% and improved ACC (accuracy) by 0.1–2.9 percentage points, outperforming 5 other defense methods such as ABL (Anti-Backdoor Learning). The dynamic targeted recovery strategy effectively overcomes the clean accuracy degradation caused by traditional one-time pruning or global fine-tuning, providing a more reliable solution for enhancing DNN security.

Key words: Keywords: backdoor model purification, targeted recovery, dynamic localization, pre-activation, tabu search