{"ID":2862524,"CreatedAt":"2026-06-01T04:54:23.091178241Z","UpdatedAt":"2026-06-01T04:54:23.091178241Z","DeletedAt":null,"paper_url":"https://arxiv.org/abs/2509.25792","arxiv_id":"2509.25792","title":"PUREVQ-GAN: Defending Data Poisoning Attacks through Vector-Quantized Bottlenecks","abstract":"We introduce PureVQ-GAN, a defense against data poisoning that forces backdoor triggers through a discrete bottleneck using Vector-Quantized VAE with GAN discriminator. By quantizing poisoned images through a learned codebook, PureVQ-GAN destroys fine-grained trigger patterns while preserving semantic content. A GAN discriminator ensures outputs match the natural image distribution, preventing reconstruction of out-of-distribution perturbations. On CIFAR-10, PureVQ-GAN achieves 0% poison success rate (PSR) against Gradient Matching and Bullseye Polytope attacks, and 1.64% against Narcissus while maintaining 91-95% clean accuracy. Unlike diffusion-based defenses requiring hundreds of iterative refinement steps, PureVQ-GAN is over 50x faster, making it practical for real training pipelines.","short_abstract":"We introduce PureVQ-GAN, a defense against data poisoning that forces backdoor triggers through a discrete bottleneck using Vector-Quantized VAE with GAN discriminator. By quantizing poisoned images through a learned codebook, PureVQ-GAN destroys fine-grained trigger patterns while preserving semantic content. A GAN di...","url_abs":"https://arxiv.org/abs/2509.25792","url_pdf":"https://arxiv.org/pdf/2509.25792v1","authors":"[\"Alexander Branch\",\"Omead Pooladzandi\",\"Radin Khosraviani\",\"Sunay Gajanan Bhat\",\"Jeffrey Jiang\",\"Gregory Pottie\"]","published":"2025-09-30T05:04:17Z","proceeding":"cs.AI","tasks":"[\"cs.AI\",\"cs.CV\"]","methods":"[\"Diffusion Model\",\"Generative Adversarial Network\",\"Variational Autoencoder\"]","has_code":false}