Backdoors in Deep Learning @ NeurIPS 2023
The Good, the Bad and the Ugly - Modern AI development requires using and sharing models and data safely. Uncovering backdoors, a foe and a friend at the front door.
Schedule (Coming Soon)
Call for Papers
We cordially invite submissions and participation in our “Backdoors in Deep Learning: The Good, the Bad, and the Ugly” workshop (neurips2023-bugs.github.io) that will be held on December 15 or 16, 2023 at NeurIPS 2023, New Orleans, USA.
The submission deadline is October 3rd, 2023, 23:59 AoE (extended from September 29, 2023), and the submission link is https://openreview.net/group?id=NeurIPS.cc/2023/Workshop/BUGS.
Motivation and Topics
Deep neural networks (DNNs) are revolutionizing almost all AI domains and have become the core of many modern AI systems. Despite their superior performance compared to classical methods, DNNs also face new security problems, such as adversarial and backdoor attacks, that are hard to discover and resolve due to their black-box-like property. Backdoor attacks are possible because of insecure model pretraining and outsourcing practices. Due to the complexity and the tremendous cost of collecting data and training models, many individuals/companies employ models or training data from third parties. Malicious third parties can add backdoors into their models or poison their released data before delivering it to the victims to gain illegal benefits. This threat seriously damages the safety and trustworthiness of AI development.
While most works consider backdoors “evil”, some studies leverage them for good purposes. A popular approach is to use the backdoor as a watermark to detect illegal uses of commercialized data/models. Watermarks can also be used to mark generated data, which becomes crucial with the introduction of big generative models (LLMs, text-to-image generators). For instance, the paper “A Watermark for Large Language Models” received an outstanding paper award at ICML 2023, showing the community’s great interest in this critical topic. Besides, a few works employ the backdoor as a trapdoor for adversarial defense. Learning the underlying working mechanisms of backdoors also elevates our understanding of how deep learning models work.
This workshop is designed to provide a comprehensive understanding of the current state of backdoor research. Our goal is to foster discussion and perspective exchange, as well as to engage the community in identifying social good applications of backdoors. As such, we welcome submissions related to any aspect of backdoor research, including but not limited to:
- Backdoor attacks
- Poisoning attacks
- Dirty-label backdoor attacks
- Clean-label backdoor attacks
- Backdoors in various learning paradigms (supervised, semi-supervised, self-supervised)
- Backdoors in various computer vision tasks (object detection, segmentation)
- Backdoors in multimodal models (vision+language)
- Backdoors in federated learning
- Backdoors in NLP and less-studied domains (speech, graphs)
- Backdoors in generative models (e.g., Diffusion models)
- Backdoors in Large Language Models
- Backdoor defenses
- Backdoor detection (poisoned inputs, poisoned models)
- Backdoor mitigation (data sanitization, model repair)
- Understanding backdoor behaviors
- Backdoor for social good
- Watermarking (for IP Protection, Ownership Verification, Generative Data Marking, etc.)
- Trapdoor/Honeypot defenses
- Model unlearning
- Deep model behavior understanding
The workshop will employ a double-blind review process. Each submission will be evaluated based on the following criteria:
- Soundness of the methodology
- Relevance to the workshop
- Societal impacts
We only consider submissions that haven’t been published in any peer-reviewed venue, including the NeurIPS 2023 conference. We allow dual submissions with other workshops or conferences. The workshop is non-archival and will not have any official proceedings. All accepted papers will be allocated either a poster presentation or a talk slot.
Important Dates
- Submission deadline: October 3rd, 2023, 11:59 PM Anywhere on Earth (AoE) (extended from September 29th, 2023)
- Author notification: October 27th, 2023
- Camera-ready deadline: December 1st, 2023, 11:59 PM Anywhere on Earth (AoE)
- Workshop date: December 15th, 2023 (Full-day Event)
Submission Instructions
Papers should be submitted to OpenReview: https://openreview.net/group?id=NeurIPS.cc/2023/Workshop/BUGS
Submitted papers should have up to 6 pages (excluding references, acknowledgments, or appendices). Please use the NeurIPS submission template provided at https://neurips.cc/Conferences/2023/PaperInformation/StyleFiles. Submissions must be anonymous following NeurIPS double-blind reviewing guidelines, NeurIPS Code of Conduct, and Code of Ethics. Accepted papers will be hosted on the workshop website but are considered non-archival and can be submitted to other workshops, conferences, or journals if their submission policy allows.
Speakers
- Bo Li, Assistant Professor, UIUC
- Ruoxi Jia, Assistant Professor, Virginia Tech
- Adam Dziedzic, Assistant Professor, CISPA
- Florian Tramèr, Assistant Professor, ETH Zürich
- Yiming Li, Research Professor, Zhejiang University
- Baoyuan Wu, Associate Professor, CUHK-Shenzhen
- Dawn Song, Professor, UC Berkeley
Panelists (Coming Soon)
Organizers
- Khoa D Doan, VinUniversity, Vietnam
- Aniruddha Saha, University of Maryland, College Park, USA
- Anh Tuan Tran, VinAI Research, Vietnam
- Yingjie Lao, Clemson University, USA
- Kok-seng Wong, VinUniversity, Vietnam
- Ang Li, Simular Research, USA
- Haripriya Harikumar, Deakin University, Australia
- Eugene Bagdasaryan, Cornell Tech, USA
- Micah Goldblum, New York University, USA
- Tom Goldstein, University of Maryland, College Park, USA