Nearest is Not Dearest: Towards Practical Defense against Quantization-conditioned Backdoor Attacks

21 May 2024 | Boheng Li, Yishuo Cai, Haowei Li, Feng Xue, Zhifeng Li, Yiming Li
This paper introduces a novel defense mechanism, EFRAP, against quantization-conditioned backdoor attacks (QCBs), which are malicious attacks that exploit the standard model quantization process to activate hidden backdoors. QCBs remain dormant in full-precision models but become active after quantization, making them difficult to detect and defend against. Existing defenses are ineffective due to the unique characteristics of QCBs, which do not respond to a trigger in the input until after quantization. The authors analyze the activation mechanism of QCBs, finding that the nearest rounding operation during quantization introduces truncation errors that can activate dormant backdoors. Based on this insight, EFRAP proposes an error-guided flipped rounding strategy with activation preservation. This strategy learns a non-nearest rounding strategy that disrupts the direct link between nearest-rounding truncation errors and backdoor activation, thereby mitigating backdoor risks while preserving clean accuracy. EFRAP is designed to flip the rounding strategies of neurons with larger truncation errors, while preserving the activation of neurons crucial for clean accuracy. This approach effectively reduces the attack success rate (ASR) across various settings, as demonstrated by extensive evaluations on benchmark datasets. The results show that EFRAP outperforms existing backdoor defenses and robust quantization techniques in terms of clean data accuracy (CDA) and defense trade-off metric (DTM). The paper also discusses the effectiveness of EFRAP across different model architectures and evaluates its resistance to adaptive attacks. The results indicate that EFRAP is robust against all tested attacks, maintaining high CDA and DTM while significantly reducing ASR.
The authors conclude that EFRAP is an effective and practical defense against QCBs, highlighting the need for further research into DNN lifecycle security and the development of effective detection and defense mechanisms for conditioned backdoor attacks.
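The rounding mechanism described above, as an added illustration that is not the paper's code: symmetric uniform quantization with nearest rounding, the per-weight truncation error it discards, and a flipped-rounding variant that rounds the largest-error weights away from their nearest code, with the resulting pre-activation change measured on a calibration input. Assumptions, not from the paper: a per-tensor scale, a flip set chosen simply as the top-k weights by |truncation error| (EFRAP learns its flip set jointly with an activation-preservation objective), and the constructed weights and input below.

```python
import math
from typing import List, Tuple

def quant_scale(weights: List[float], bits: int) -> float:
    # One symmetric per-tensor scale: the largest |w| maps to the top code.
    qmax = 2 ** (bits - 1) - 1
    return max(abs(w) for w in weights) / qmax

def nearest_codes(weights: List[float], scale: float) -> List[int]:
    # Standard nearest rounding (round-half-up avoids banker's rounding).
    return [math.floor(w / scale + 0.5) for w in weights]

def truncation_errors(weights: List[float], scale: float, codes: List[int]) -> List[float]:
    # Fraction discarded by rounding; lies in (-0.5, 0.5] for nearest rounding.
    return [w / scale - c for w, c in zip(weights, codes)]

def flipped_codes(weights: List[float], scale: float, bits: int,
                  flip_ratio: float) -> Tuple[List[int], List[int]]:
    # Assumed flip rule (not EFRAP's learned one): the weights with the largest
    # |truncation error| are rounded away from their nearest code instead.
    qmax = 2 ** (bits - 1) - 1
    codes = nearest_codes(weights, scale)
    errs = truncation_errors(weights, scale, codes)
    k = max(1, int(flip_ratio * len(weights)))
    flip = sorted(range(len(weights)), key=lambda i: -abs(errs[i]))[:k]
    out = list(codes)
    for i in flip:
        step = 1 if errs[i] > 0 else -1          # move in the direction of the error
        out[i] = max(-qmax, min(qmax, codes[i] + step))
    return out, sorted(flip)

def activation_deviation(weights, codes, scale, x) -> float:
    # |<w, x> - <dequant(w), x>|: the pre-activation change for one calibration input.
    fp = sum(w * xi for w, xi in zip(weights, x))
    q = sum(c * scale * xi for c, xi in zip(codes, x))
    return abs(fp - q)

# Constructed weights of one neuron and one constructed calibration input.
WEIGHTS = [0.91, -0.33, 0.52, 0.07, -0.88, 0.41, 0.30, -0.64]
CALIB_X = [0.5, -1.0, 0.8, 0.3, -0.6, 1.2, 0.4, -0.9]
BITS = 4

if __name__ == "__main__":
    s = quant_scale(WEIGHTS, BITS)
    near = nearest_codes(WEIGHTS, s)
    flip, idx = flipped_codes(WEIGHTS, s, BITS, flip_ratio=0.25)
    print("nearest:", near, "dev=%.4f" % activation_deviation(WEIGHTS, near, s, CALIB_X))
    print("flipped:", flip, "at", idx, "dev=%.4f" % activation_deviation(WEIGHTS, flip, s, CALIB_X))
```

The measured deviation is exactly the quantity an activation-preservation term would keep small while the flip set is chosen; here it is only reported, so the reader can see the trade-off the paper optimizes.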