CVPR 2023 - Single Image Backdoor Inversion via Robust Smoothed Classifiers

In this episode we discuss Single Image Backdoor Inversion via Robust Smoothed Classifiers by Mingjie Sun, Zico Kolter. The paper proposes a new method called SmoothInv for identifying backdoor triggers in machine learning models. Previous methods used an optimization process to flip a support set of clean images into the target class. However, the paper demonstrates that SmoothInv can reliably recover the trigger with as few as one image, without requiring an explicit modeling of the trigger or complex regularization schemes. The proposed method is shown to be effective in identifying backdoors in existing models and remains robust against adaptive attackers.