BeDKD: Backdoor Defense Based on Directional Mapping Module and Adversarial Knowledge Distillation
DOI:
https://doi.org/10.1609/aaai.v40i42.40902Abstract
Although existing backdoor defenses have gained success in mitigating backdoor attacks, they still face substantial challenges. In particular, most of them rely on large amounts of clean data to weaken the backdoor mapping but generally struggle with residual trigger effects, resulting in persistently high attack success rates (ASR). Therefore, in this paper, we propose a novel Backdoor defense method based on Directional mapping module and adversarial Knowledge Distillation (BeDKD), which balances the trade-off between defense effectiveness and model performance using a small amount of clean and poisoned data. We first introduce a directional mapping module to identify poisoned data, which destroys clean mapping while keeping backdoor mapping on a small set of flipped clean data. Then, the adversarial knowledge distillation is designed to reinforce clean mapping and suppress backdoor mapping through a cycle iteration mechanism between trust and punish distillations using clean and identified poisoned data. We conduct experiments to mitigate mainstream attacks on three datasets, and experimental results demonstrate that BeDKD surpasses the state-of-the-art defenses and reduces the ASR by 98% without significantly reducing the CACC.
Downloads
Published
2026-03-14
How to Cite
Wu, Z., Wen, J., Peng, W., Zhou, Y., Dou, C., & Xue, Y. (2026). BeDKD: Backdoor Defense Based on Directional Mapping Module and Adversarial Knowledge Distillation. Proceedings of the AAAI Conference on Artificial Intelligence, 40(42), 35876–35884. https://doi.org/10.1609/aaai.v40i42.40902
Issue
Section
AAAI Technical Track on Philosophy and Ethics of AI
