Detecting and Corrupting Convolution-based Unlearnable Examples

Authors

  • Minghui Li School of Software Engineering, Huazhong University of Science and Technology
  • Xianlong Wang Hubei Key Laboratory of Distributed System Security, Hubei Engineering Research Center on Big Data Security, School of Cyber Science and Engineering, Huazhong University of Science and Technology
  • Zhifei Yu School of Cyber Science and Engineering, Huazhong University of Science and Technology
  • Shengshan Hu Hubei Key Laboratory of Distributed System Security, Hubei Engineering Research Center on Big Data Security, School of Cyber Science and Engineering, Huazhong University of Science and Technology
  • Ziqi Zhou School of Computer Science and Technology, Huazhong University of Science and Technology
  • Longling Zhang Hubei Key Laboratory of Distributed System Security, Hubei Engineering Research Center on Big Data Security, School of Cyber Science and Engineering, Huazhong University of Science and Technology
  • Leo Yu Zhang School of Information and Communication Technology, Griffith University

DOI:

https://doi.org/10.1609/aaai.v39i17.34025

Abstract

Convolution-based unlearnable examples (UEs) employ class-wise multiplicative convolutional noise to training samples, severely compromising model performance. This fire-new type of UEs have successfully countered all defense mechanisms against UEs. The failure of such defenses can be attributed to the absence of norm constraints on convolutional noise, leading to severe blurring of image features. To address this, we first design an Edge Pixel-based Detector (EPD) to identify convolution-based UEs. Upon detection of them, we propose the first defense scheme against convolution-based UEs, COrrupting these samples via random matrix multiplication by employing bilinear INterpolation (COIN) such that disrupting the distribution of class-wise multiplicative noise. To evaluate the generalization of our proposed COIN, we newly design two convolution-based UEs called VUDA and HUDA to expand the scope of convolution-based UEs. Extensive experiments demonstrate the effectiveness of detection scheme EPD and that our defense COIN outperforms 11 state-of-the-art (SOTA) defenses, achieving a significant improvement on the CIFAR and ImageNet datasets.
AAAI-25 / IAAI-25 / EAAI-25 Proceedings Cover

Downloads

Published

2025-04-11

How to Cite

Li, M., Wang, X., Yu, Z., Hu, S., Zhou, Z., Zhang, L., & Zhang, L. Y. (2025). Detecting and Corrupting Convolution-based Unlearnable Examples. Proceedings of the AAAI Conference on Artificial Intelligence, 39(17), 18403-18411. https://doi.org/10.1609/aaai.v39i17.34025

Issue

Vol. 39 No. 17: AAAI-25 Technical Tracks 17

Section

AAAI Technical Track on Machine Learning III