What problem does this paper attempt to address?

The problem this paper attempts to address is backdoor attacks in deep neural networks (DNNs). Backdoor attacks involve implanting a small amount of data with preset triggers (backdoor triggers) into the training data, causing the model to make incorrect predictions for specific inputs during testing. This type of attack is particularly severe in the era of large-scale models, as these models are often extensively pre-trained on datasets crawled from the web, which are susceptible to tampering. The paper proposes a novel two-step defense framework called "Expose Before You Defend" (EBYD), aimed at unifying existing backdoor defense methods and improving their performance. Specifically, the EBYD framework first reveals the backdoor functionalities in the backdoored model through a preprocessing step called "backdoor exposure," and then applies detection and removal methods to identify and eliminate the backdoor features. ### Main Contributions of the Paper: 1. **Introduction of the EBYD Framework**: This framework divides backdoor defense into two steps. The first step is backdoor exposure, which isolates backdoor functionalities through specialized model preprocessing/editing techniques; the second step is backdoor defense, which applies existing detection and removal techniques to enhance overall performance. 2. **Proposed Clean Unlearning (CUL) Technique**: This is a new backdoor exposure technique that reveals hidden backdoor functionalities by actively unlearning clean features from the backdoored model. CUL is effective even when unlearning is performed on a small number of clean samples. 3. **Exploration of Various Model Preprocessing Techniques**: Including fine-tuning, model sparsification, and weight perturbation, all of which can be used to expose backdoor functionalities in backdoored models. 4. **Comprehensive Experimental Evaluation**: Extensive experiments were conducted on multiple visual and textual datasets, covering 10 image attacks and 6 text attacks. The results show that the EBYD framework significantly outperforms existing state-of-the-art methods in detecting and removing backdoors. ### Key Innovations: - **Importance of Backdoor Exposure**: The paper emphasizes the importance of backdoor exposure for backdoor defense. By exposing backdoor functionalities, the performance of downstream defense tasks such as backdoor label detection, backdoor trigger recovery, backdoor model detection, and backdoor removal can be significantly improved. - **Unified Defense Framework**: The EBYD framework effectively integrates existing backdoor defense methods into a comprehensive defense system. - **Cross-Domain Applicability**: EBYD is not only applicable to backdoor defense in the image domain but can also be extended to language models to defend against various textual backdoor attacks. Overall, by introducing the EBYD framework, this paper provides a systematic solution aimed at comprehensively enhancing the security and robustness of deep neural networks against backdoor attacks.