Deep Neural Networks (DNNs) are vulnerable to backdoor attacks. Due to the nature of Machine Learning as a Service (MLaaS) applications, black-box defenses are more practical than white-box methods, yet existing purification techniques suffer from key limitations: a lack of justification for specific transformations, dataset dependency, high computational overhead, and a neglect of frequency-domain transformations. This paper conducts a preliminary study on various image transformations, identifying down-upscaling as the most effective backdoor trigger disruption technique. We subsequently propose \texttt{Lite-BD}, a lightweight two-stage black-box backdoor defense. \texttt{Lite-BD} first employs a super-resolution-based down-upscaling stage to neutralize spatial triggers. A secondary stage utilizes query-based band-by-band frequency filtering to remove triggers hidden in specific bands. Extensive experiments against state-of-the-art attacks demonstrate that \texttt{Lite-BD} provides robust and efficient protection. Code is available at https://github.com/SiSL-URI/Lite-BD.
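The following added example (not code from the paper or the Lite-BD repository) illustrates why down-upscaling disrupts a fine-grained spatial trigger while leaving smooth image content nearly intact, and shows a coarser pattern that survives it. The 16x16 image, the checkerboard triggers and the nearest-neighbour upscaler (standing in for the super-resolution model) are all assumptions constructed for illustration.

```python
# Added illustration; not code from the Lite-BD repository.
# Assumption: nearest-neighbour replication stands in for the super-resolution upscaler.

SIZE, PATCH = 16, 4  # constructed 16x16 grayscale image with a 4x4 trigger patch

def clean_image():
    """Smooth diagonal gradient in [0, 1], standing in for low-frequency image content."""
    return [[(x + y) / (2 * (SIZE - 1)) for x in range(SIZE)] for y in range(SIZE)]

def stamp_trigger(img, cell):
    """Overwrite the bottom-right corner with a 0/1 checkerboard of cell-pixel squares."""
    out = [row[:] for row in img]
    for y in range(SIZE - PATCH, SIZE):
        for x in range(SIZE - PATCH, SIZE):
            out[y][x] = float(((x // cell) + (y // cell)) % 2)
    return out

def down_up(img, f=2):
    """Average-pool by factor f, then replicate each pooled pixel back to f x f."""
    n = len(img)
    out = [[0.0] * n for _ in range(n)]
    for by in range(0, n, f):
        for bx in range(0, n, f):
            mean = sum(img[by + dy][bx + dx] for dy in range(f) for dx in range(f)) / (f * f)
            for dy in range(f):
                for dx in range(f):
                    out[by + dy][bx + dx] = mean
    return out

def patch_contrast(img):
    """Max minus min inside the trigger region: 1.0 means the pattern is fully present."""
    vals = [img[y][x] for y in range(SIZE - PATCH, SIZE) for x in range(SIZE - PATCH, SIZE)]
    return max(vals) - min(vals)

def mean_abs_error(a, b):
    return sum(abs(p - q) for ra, rb in zip(a, b) for p, q in zip(ra, rb)) / (SIZE * SIZE)

def report():
    clean = clean_image()
    fine, coarse = stamp_trigger(clean, 1), stamp_trigger(clean, 2)
    return {
        "fine_before": patch_contrast(fine),                 # pixel-level pattern intact
        "fine_after": patch_contrast(down_up(fine)),         # flattened by pooling
        "coarse_after": patch_contrast(down_up(coarse)),     # 2-pixel cells survive 2x pooling
        "clean_distortion": mean_abs_error(clean, down_up(clean)),
    }

if __name__ == "__main__":
    print(report())
```

The pixel-level checkerboard is a constructed best case, aligned to the pooling grid; the coarse pattern shows that structure at or above the pooling scale passes through this transformation unchanged.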