Convolution-based unlearnable examples (UEs) employ class-wise multiplicative convolutional noise to training samples, severely compromising model performance. This fire-new type of UEs have successfully countered all defense mechanisms against UEs. The failure of such defenses can be attributed to the absence of norm constraints on convolutional noise, leading to severe blurring of image features. To address this, we first design an Edge Pixel-based Detector (EPD) to identify convolution-based UEs. Upon detection of them, we propose the first defense scheme against convolution-based UEs, COrrupting these samples via random matrix multiplication by employing bilinear INterpolation (COIN) such that disrupting the distribution of class-wise multiplicative noise. To evaluate the generalization of our proposed COIN, we newly design two convolution-based UEs called VUDA and HUDA to expand the scope of convolution-based UEs. Extensive experiments demonstrate the effectiveness of detection scheme EPD and that our defense COIN outperforms 11 state-of-the-art (SOTA) defenses, achieving a significant improvement on the CIFAR and ImageNet datasets.

翻译：基于卷积的不可学习样本（UEs）通过向训练样本施加类级乘性卷积噪声，严重损害模型性能。这种全新类型的UEs已成功抵御所有针对UEs的防御机制。现有防御失效的原因在于未对卷积噪声施加范数约束，导致图像特征严重模糊。为此，我们首先设计了一种基于边缘像素的检测器（EPD）来识别基于卷积的UEs。在检测到此类样本后，我们提出了首个针对卷积型UEs的防御方案COIN——通过双线性插值进行随机矩阵乘法来破坏样本，从而扰乱类级乘性噪声的分布。为评估所提COIN方案的泛化能力，我们新设计了两种名为VUDA和HUDA的卷积型UEs以扩展此类样本的研究范畴。大量实验表明：检测方案EPD具有显著有效性，且我们的防御方案COIN在CIFAR和ImageNet数据集上超越了11种前沿防御方法，取得了显著性能提升。