PBP: Post-training Backdoor Purification for Malware Classifiers
Dung Thuy Nguyen
Network and Distributed System Security (NDSS) Symposium 2025 · Day 3 · Malware
In an era where machine learning (ML) and deep learning (DL) models are increasingly becoming foundational components for critical security tasks, such as malware detection, ensuring their integrity and robustness against sophisticated attacks is paramount. This talk, presented by Dung Thuy Nguyen at the NDSS Symposium, addresses a particularly insidious threat: **backdoor attacks** against deep neural network (DNN) based malware classifiers. The paper introduces **PBP (Post-training Backdoor Purification)**, a novel method designed to detect and eliminate backdoors embedded within already deployed or trained models, without requiring any prior knowledge of the attack's specifics.
AI review
Legitimate academic security research on backdoor purification for malware classifiers, presented at a credible venue. The core contribution — using batch norm statistic divergence between a randomized and backdoored model to localize backdoor neurons, then reversing gradients selectively — is technically coherent and addresses a real operational gap. Not groundbreaking enough to dominate a practitioner conference, but earns its place as solid published work.