This paper introduces IBD-PSC, a novel input-level backdoor detection method designed to filter out malicious testing images. The method leverages the parameter-oriented scaling consistency (PSC) phenomenon, where the prediction confidences of poisoned samples are more consistent than those of benign samples when the parameters of batch normalization (BN) layers are amplified. The authors provide theoretical foundations for this phenomenon and design an adaptive algorithm to select the optimal number of BN layers for amplification. Extensive experiments on benchmark datasets demonstrate the effectiveness and efficiency of IBD-PSC, showing high AUROC and F1 scores against various backdoor attacks. The method also demonstrates resistance to potential adaptive attacks and can be used to purify training datasets. The paper concludes with a discussion on the limitations and future directions of backdoor defense strategies.This paper introduces IBD-PSC, a novel input-level backdoor detection method designed to filter out malicious testing images. The method leverages the parameter-oriented scaling consistency (PSC) phenomenon, where the prediction confidences of poisoned samples are more consistent than those of benign samples when the parameters of batch normalization (BN) layers are amplified. The authors provide theoretical foundations for this phenomenon and design an adaptive algorithm to select the optimal number of BN layers for amplification. Extensive experiments on benchmark datasets demonstrate the effectiveness and efficiency of IBD-PSC, showing high AUROC and F1 scores against various backdoor attacks. The method also demonstrates resistance to potential adaptive attacks and can be used to purify training datasets. The paper concludes with a discussion on the limitations and future directions of backdoor defense strategies.