A multitarget backdooring attack on deep neural networks with random location trigger. Issue 3 (28th December 2021)
- Record Type:
- Journal Article
- Title:
- A multitarget backdooring attack on deep neural networks with random location trigger. Issue 3 (28th December 2021)
- Main Title:
- A multitarget backdooring attack on deep neural networks with random location trigger
- Authors:
- Xiao, Yu
Cong, Liu
Mingwen, Zheng
Yajie, Wang
Xinrui, Liu
Shuxiao, Song
Yuexuan, Ma
Jun, Zheng
- Abstract:
- Abstract: Machine learning has made tremendous progress and applied to various critical practical applications. However, recent studies have shown that machine learning models are vulnerable to malicious attackers, such as neural network backdoor triggering. A successful backdoor triggering behavior may cause serious consequences, such as allowing the attacker to bypass the identity verification and directly enter the system.
In image classification, there is always only one target label triggered by one backdoor trigger in previous works. The position of the backdoor trigger is also fixed, which brings limitations to the attack. In this paper, we propose a novel method that utilizes one trigger pattern to correspond to multiple target labels, and the location of the trigger is not limited. In our method, the trigger guarantees that the malicious output is within the range of multiple targets chosen by the attacker, but the specific target depends on the original image where the trigger is pasted. Due to the original images' diversity, it is difficult for the defender to predict which target the image with the trigger is classified as. Besides, the attacker can use only one trigger pattern to achieve multitarget attacks at different locations, which brings more flexibility. We also proposed to train a neural network as a detector to distinguish backdoor images and clean images for multitarget backdooring attacks. Experiment results show that the detection method can also successfully detect the backdoor image with a trigger at a random location of the image, and the detection success rate is as high as 86.02%.
- Is Part Of:
- International journal of intelligent systems. Volume 37:Issue 3(2022)
- Journal:
- International journal of intelligent systems
- Issue:
- Volume 37:Issue 3(2022)
- Issue Display:
- Volume 37, Issue 3 (2022)
- Year:
- 2022
- Volume:
- 37
- Issue:
- 3
- Issue Sort Value:
- 2022-0037-0003-0000
- Page Start:
- 2567
- Page End:
- 2583
- Publication Date:
- 2021-12-28
- Subjects:
- backdoor attack -- deep neural network -- image attack -- machine learning -- poisoning attack
Artificial intelligence -- Periodicals
Expert systems (Computer science) -- Periodicals
Intelligence artificielle -- Périodiques
Systèmes experts (Informatique) -- Périodiques
006.3
- Journal URLs:
- http://onlinelibrary.wiley.com/journal/10.1002/(ISSN)1098-111X
https://www.hindawi.com/journals/ijis
http://onlinelibrary.wiley.com/
- DOI:
- 10.1002/int.22785
- Languages:
- English
- ISSNs:
- 0884-8173
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 4542.310500
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 20810.xml