PhD Dissertation Proposal by NAY Myat Min | Eliminating Backdoors in AI Models

Eliminating Backdoors in AI Models

ABOUT THE TALK

Backdoor attacks are covertly implanted malicious behaviors in deep neural networks (DNNs) and large language models (LLMs). Such attacks pose tangible real-world threats: adversaries can monetize commercial APIs, siphon sensitive data, or spread propaganda while models appear benign on clean inputs. This dissertation proposes a unified, data-efficient defense framework that removes such backdoors across both vision and language modalities.  Specifically, it advances the state of the art along three complementary axes: (i) neuron-level mitigation, achieved by selectively unlearning and relearning backdoor-carrying neurons; (ii) generative-model purification, realized through layer-wise consistency enforcement that works without a clean reference model; and (iii) concept-level detection, powered by semantic divergence analyses that flag triggers even in black-box settings.  Together, these techniques cut attack success rates from over 90% to below 2% on standard benchmarks while preserving task accuracy and achieve high backdoor detection rate.

SPEAKER BIOGRAPHY

NAY Myat Min is a third-year Ph.D. candidate in Computer Science at SMU’s School of Computing and Information Systems, supervised by Professor SUN Jun. His research focuses on backdoor vulnerabilities in large language models, and he has developed defenses published at ICML and TIFS. Nay holds an M.Sc. in Cyber Security from Mahidol University and a B.Sc. (First Class Honours) in Computer and Network Technology from Northumbria University.