Evaluating and Defending Backdoor Attacks in Image Recognition Systems

Syed Badruddoja, Bashar Najah Allwza, Ram Dantu

2025

Abstract

Machine learning algorithms face significant challenges from model poisoning attacks, which pose a severe threat to their reliability and security. Understanding a model poisoning attack requires statistical analysis through evaluation with multi-parameter attributes. Many evaluation strategies for such attacks exist, but they often lack comprehensive evaluation and analysis. Moreover, the existing defense strategies are outdated and require retraining of models with fresh data. We perform a systematic evaluation of backdoor model poisoning attacks on the MNIST digit recognition dataset with respect to the number of poisoned samples and the number of manipulated pixels. Our results show that successful attacks require the manipulation of at least 20 pixels and 1,000 samples. To counter this, we propose a novel defense mechanism based on morphological filters. Our method effectively mitigates the impact of poisoned data without requiring any retraining of the model. Furthermore, our approach achieves a prediction accuracy of 96% while avoiding any backdoor trigger-based prediction.
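To illustrate the defensive idea in the abstract, the following added example (not the paper's code) applies a morphological opening to a constructed binary digit carrying a sparse pixel trigger. It assumes a 3x3 square structuring element and a trigger of isolated pixels; the paper does not state which filter or trigger shape it evaluates, so both are assumptions here.

```python
# Added example, not the paper's own code: morphological opening (erosion
# followed by dilation) used as a test-time filter against a sparse pixel
# trigger. Assumptions: binary images as lists of 0/1 rows, a 3x3 square
# structuring element, and a trigger made of isolated pixels.

def _window(img, y, x, k):
    """Pixel values in the (2k+1)x(2k+1) window around (y, x); out of bounds counts as 0."""
    h, w = len(img), len(img[0])
    return [img[y + dy][x + dx] if 0 <= y + dy < h and 0 <= x + dx < w else 0
            for dy in range(-k, k + 1) for dx in range(-k, k + 1)]

def erode(img, k=1):
    """Keep a pixel only if its whole window is on: removes isolated pixels and thin lines."""
    return [[int(all(_window(img, y, x, k))) for x in range(len(img[0]))]
            for y in range(len(img))]

def dilate(img, k=1):
    """Turn a pixel on if any pixel in its window is on: regrows what erosion thinned."""
    return [[int(any(_window(img, y, x, k))) for x in range(len(img[0]))]
            for y in range(len(img))]

def opening(img, k=1):
    """Erosion then dilation: drops structures thinner than the element, keeps thick strokes."""
    return dilate(erode(img, k), k)

def make_digit(size=12):
    """Constructed stand-in for an MNIST '1': a 3-pixel-wide vertical stroke."""
    img = [[0] * size for _ in range(size)]
    for y in range(2, size - 2):
        for x in range(2, 5):
            img[y][x] = 1
    return img

def trigger_coords():
    """Constructed trigger: a 5x5 checkerboard of isolated pixels in the lower-right corner."""
    return [(y, x) for y in range(7, 12) for x in range(7, 12) if (y + x) % 2 == 0]

def add_trigger(img):
    out = [row[:] for row in img]
    for y, x in trigger_coords():
        out[y][x] = 1
    return out

def surviving_trigger_pixels(img):
    """Number of trigger positions still on after filtering (0 means the trigger is gone)."""
    return sum(img[y][x] for y, x in trigger_coords())

if __name__ == "__main__":
    clean, poisoned = make_digit(), add_trigger(make_digit())
    filtered = opening(poisoned)
    print("trigger pixels before/after:", surviving_trigger_pixels(poisoned),
          surviving_trigger_pixels(filtered))
    print("digit stroke restored exactly:", filtered == clean)
```

The same opening also erases genuine strokes thinner than the structuring element, which is the accuracy trade-off a deployment has to measure on clean data.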

Paper Citation


in Harvard Style

Badruddoja S., Allwza B. and Dantu R. (2025). Evaluating and Defending Backdoor Attacks in Image Recognition Systems. In Proceedings of the 11th International Conference on Information Systems Security and Privacy - Volume 2: ICISSP; ISBN 978-989-758-735-1, SciTePress, pages 268-275. DOI: 10.5220/0013319300003899


in Bibtex Style

@conference{icissp25,
author={Syed Badruddoja and Bashar Allwza and Ram Dantu},
title={Evaluating and Defending Backdoor Attacks in Image Recognition Systems},
booktitle={Proceedings of the 11th International Conference on Information Systems Security and Privacy - Volume 2: ICISSP},
year={2025},
pages={268-275},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0013319300003899},
isbn={978-989-758-735-1},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 11th International Conference on Information Systems Security and Privacy - Volume 2: ICISSP
TI - Evaluating and Defending Backdoor Attacks in Image Recognition Systems
SN - 978-989-758-735-1
AU - Badruddoja S.
AU - Allwza B.
AU - Dantu R.
PY - 2025
SP - 268
EP - 275
DO - 10.5220/0013319300003899
PB - SciTePress