“…Figure 4 depicts a taxonomy of defenses against training-only and backdoor attacks according to methodology. 16), ( 30), ( 48), ( 49), ( 90), ( 92), ( 110), ( 119 23), ( 79), ( 101), (118), (150) Outliers in Input Space (39), ( 116), ( 117), (139) Figure 4: A taxonomy of defenses against training-only and backdoor attacks.…”