DUP: Detection-guided Unlearning for Backdoor Purification in Language Models
DOI:
https://doi.org/10.1609/aaai.v40i37.40366Abstract
As backdoor attacks become more stealthy and robust, they reveal critical weaknesses in current defense strategies: detection methods often rely on coarse-grained feature statistics, and purification methods typically require full retraining or additional clean models. To address these challenges, we propose DUP (Detection-guided Unlearning for Purification), a unified framework that integrates backdoor detection with unlearning-based purification. The detector captures feature-level anomalies by jointly leveraging class-agnostic distances and inter-layer transitions. These deviations are integrated through a weighted scheme to identify poisoned inputs, enabling more fine-grained analysis. Based on the detection results, we purify the model through a parameter-efficient unlearning mechanism that avoids full retraining and does not require any external clean model. Specifically, we innovatively repurpose knowledge distillation to guide the student model toward increasing its output divergence from the teacher on detected poisoned samples, effectively forcing it to unlearn the backdoor behavior. Extensive experiments across diverse attack methods and language model architectures demonstrate that DUP achieves superior defense performance in detection accuracy and purification efficacy.
Published
2026-03-14
How to Cite
Hu, M., Ding, Y., Yang, Y., Chen, L., Jia, Y., & Zhao, S. (2026). DUP: Detection-guided Unlearning for Backdoor Purification in Language Models. Proceedings of the AAAI Conference on Artificial Intelligence, 40(37), 31059–31067. https://doi.org/10.1609/aaai.v40i37.40366
Issue
Section
AAAI Technical Track on Natural Language Processing II
