BARBIE: Robust Backdoor Detection Based on Latent Separability
Hanlei Zhang
Network and Distributed System Security (NDSS) Symposium 2025 · Day 3 · ML Backdoors
In an era where deep learning models are becoming ubiquitous across critical domains such as face recognition, machine translation, autonomous driving, and medical diagnosis, their inherent security vulnerabilities pose significant risks. One of the most insidious threats is the **backdoor attack**, where a model appears to function normally on benign inputs but exhibits malicious, predetermined behavior when presented with specific "backdoored" samples containing a hidden trigger. Such attacks can lead to severe consequences, from misclassification in sensitive applications to complete system compromise. This talk, delivered by Hanlei Zhang at the NDSS Symposium, introduces BARBIE, a novel and robust backdoor detection method designed to address the shortcomings of existing solutions, particularly against advanced and adaptive backdoor attacks.
AI review
BARBIE is legitimate ML security research with a clean conceptual contribution — the RCS metric and the latent-mixing framework are coherent and the adaptive attacker evaluation is exactly the right thing to test. It's solid academic work, but it lands closer to a good workshop paper than a conference-defining talk: the core idea isn't wildly surprising to anyone who's thought carefully about representation geometry, and the empirical scope, while broad, doesn't fully stress-test the threat model against a sophisticated adversary with real deployment constraints.