Boundary augment: A data augment method to defend poison attack. Issue 13 (28th August 2021)
- Record Type:
- Journal Article
- Title:
- Boundary augment: A data augment method to defend poison attack. Issue 13 (28th August 2021)
- Main Title:
- Boundary augment: A data augment method to defend poison attack
- Authors:
- Chen, Xuan
- Ma, YueNa
- Lu, ShiWei
- Yao, Yu
- Abstract:
- In recent years, Deep Neural Networks (DNNs) have been applied in many fields such as computer vision and natural language processing. Many third‐party cloud training platforms have been built to facilitate many individual users or small enterprises in training their models, for example, Colab (Google) or the AWS cloud platform. For these cloud platforms, there exist many potentially fatal risks, including poison attacks. At the same time, for federated learning, the poison attack is also a severe threat. In this paper, a novel method to defend against poison attacks by estimating the distribution of poison data and retraining the backdoor model with a few training data is introduced. The estimated distribution under the manifold DeepFool algorithm fits the poison data well, which can be used to search the manifold boundary between the poisoned data and the clean. Unlike empirical defense methods, the authors' approach is attack‐agnostic, which means that the approach is robust against the various attack methods. Also, it is proven that the adversarial training approach is a practical approach to defend against the poison attack. The authors' approach is tested on the datasets MNIST, CIFAR‐10, GTSRB and ImageNet. The accuracy of the retrained model decreases slightly, but the ASR drops drastically, which proves that our approach has a powerful generalization to defend against most poison attacks.
- Is Part Of:
- IET image processing. Volume 15:Issue 13(2021)
- Journal:
- IET image processing
- Issue:
- Volume 15:Issue 13(2021)
- Issue Display:
- Volume 15, Issue 13 (2021)
- Year:
- 2021
- Volume:
- 15
- Issue:
- 13
- Issue Sort Value:
- 2021-0015-0013-0000
- Page Start:
- 3292
- Page End:
- 3303
- Publication Date:
- 2021-08-28
- Subjects:
- Image processing -- Periodicals
- 621.36705
- Journal URLs:
- http://digital-library.theiet.org/content/journals/iet-ipr
- http://ieeexplore.ieee.org/servlet/opac?punumber=4149689
- http://www.ietdl.org/IET-IPR
- https://ietresearch.onlinelibrary.wiley.com/journal/17519667
- http://www.theiet.org/
- DOI:
- 10.1049/ipr2.12325
- Languages:
- English
- ISSNs:
- 1751-9659
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 4363.252600
- British Library DSC - BLDSS-3PM
- British Library HMNTS - ELD Digital store
- Ingest File:
- 26193.xml