Fisher Information guided Purification against Backdoor Attacks
Fisher Information guided Purification against Backdoor Attacks
Studies on backdoor attacks in recent years suggest that an adversary can compromise the integrity of a deep neural network (DNN) by manipulating a small set of training samples. Our analysis shows that such manipulation can make the backdoor model converge to a bad local minima, i.e., sharper minima as …