Deep learning backdoors

Shaofeng Li; Shiqing Ma; Minhui Xue; Benjamin Zi Hao Zhao

doi:10.1007/978-3-030-98795-4_13

Deep learning backdoors

Shaofeng Li^*, Shiqing Ma, Minhui Xue, Benjamin Zi Hao Zhao

^*Corresponding author for this work

School of Computing

Research output: Chapter in Book/Report/Conference proceeding › Chapter › peer-review

8 Citations (Scopus)

Abstract

In this chapter, we will give a comprehensive survey on backdoor attacks, mitigation and challenges and propose some open problems. We first introduce an attack vector that derives from the Deep Neural Network (DNN) model itself. DNN models are trained from gigantic data that may be poisoned by attackers. Different from the traditional poisoning attacks that interfere with the decision boundary, backdoor attacks create a “shortcut” in the model’s decision boundary. Such a “shortcut” can only be activated by a trigger known by the attacker itself, while it performs well on benign inputs without the trigger. We then show several mitigation techniques from the frontend to the backend of the machine learning pipeline. We finally provide avenues for future research. We hope to raise awareness about the severity of the current emerging backdoor attacks in DNNs and attempt to provide a timely solution to fight against them.

Original language	English
Title of host publication	Security and artificial intelligence
Subtitle of host publication	a crossdisciplinary approach
Editors	Lejla Batina, Thomas Bäck, Ileana Buhan, Stjepan Picek
Place of Publication	Cham
Publisher	Springer, Springer Nature
Chapter	13
Pages	313-334
Number of pages	22
ISBN (Electronic)	9783030987954
ISBN (Print)	9783030987947
DOIs	https://doi.org/10.1007/978-3-030-98795-4_13
Publication status	Published - 2022

Publication series

Name	Lecture Notes in Computer Science
Publisher	Springer
Volume	13049
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Access to Document

10.1007/978-3-030-98795-4_13

Cite this

@inbook{dec6f54050fc4635a5386b6fd6fb676d,

title = "Deep learning backdoors",

abstract = "In this chapter, we will give a comprehensive survey on backdoor attacks, mitigation and challenges and propose some open problems. We first introduce an attack vector that derives from the Deep Neural Network (DNN) model itself. DNN models are trained from gigantic data that may be poisoned by attackers. Different from the traditional poisoning attacks that interfere with the decision boundary, backdoor attacks create a “shortcut” in the model{\textquoteright}s decision boundary. Such a “shortcut” can only be activated by a trigger known by the attacker itself, while it performs well on benign inputs without the trigger. We then show several mitigation techniques from the frontend to the backend of the machine learning pipeline. We finally provide avenues for future research. We hope to raise awareness about the severity of the current emerging backdoor attacks in DNNs and attempt to provide a timely solution to fight against them.",

author = "Shaofeng Li and Shiqing Ma and Minhui Xue and Zhao, {Benjamin Zi Hao}",

year = "2022",

doi = "10.1007/978-3-030-98795-4_13",

language = "English",

isbn = "9783030987947",

series = "Lecture Notes in Computer Science",

publisher = "Springer, Springer Nature",

pages = "313--334",

editor = "Lejla Batina and Thomas B{\"a}ck and Ileana Buhan and Stjepan Picek",

booktitle = "Security and artificial intelligence",

address = "United States",

}

Deep learning backdoors. / Li, Shaofeng; Ma, Shiqing; Xue, Minhui et al.
Security and artificial intelligence: a crossdisciplinary approach. ed. / Lejla Batina; Thomas Bäck; Ileana Buhan; Stjepan Picek. Cham: Springer, Springer Nature, 2022. p. 313-334 (Lecture Notes in Computer Science; Vol. 13049).

Research output: Chapter in Book/Report/Conference proceeding › Chapter › peer-review

TY - CHAP

T1 - Deep learning backdoors

AU - Li, Shaofeng

AU - Ma, Shiqing

AU - Xue, Minhui

AU - Zhao, Benjamin Zi Hao

PY - 2022

Y1 - 2022

N2 - In this chapter, we will give a comprehensive survey on backdoor attacks, mitigation and challenges and propose some open problems. We first introduce an attack vector that derives from the Deep Neural Network (DNN) model itself. DNN models are trained from gigantic data that may be poisoned by attackers. Different from the traditional poisoning attacks that interfere with the decision boundary, backdoor attacks create a “shortcut” in the model’s decision boundary. Such a “shortcut” can only be activated by a trigger known by the attacker itself, while it performs well on benign inputs without the trigger. We then show several mitigation techniques from the frontend to the backend of the machine learning pipeline. We finally provide avenues for future research. We hope to raise awareness about the severity of the current emerging backdoor attacks in DNNs and attempt to provide a timely solution to fight against them.

AB - In this chapter, we will give a comprehensive survey on backdoor attacks, mitigation and challenges and propose some open problems. We first introduce an attack vector that derives from the Deep Neural Network (DNN) model itself. DNN models are trained from gigantic data that may be poisoned by attackers. Different from the traditional poisoning attacks that interfere with the decision boundary, backdoor attacks create a “shortcut” in the model’s decision boundary. Such a “shortcut” can only be activated by a trigger known by the attacker itself, while it performs well on benign inputs without the trigger. We then show several mitigation techniques from the frontend to the backend of the machine learning pipeline. We finally provide avenues for future research. We hope to raise awareness about the severity of the current emerging backdoor attacks in DNNs and attempt to provide a timely solution to fight against them.

UR - http://www.scopus.com/inward/record.url?scp=85128084176&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-98795-4_13

DO - 10.1007/978-3-030-98795-4_13

M3 - Chapter

AN - SCOPUS:85128084176

SN - 9783030987947

T3 - Lecture Notes in Computer Science

SP - 313

EP - 334

BT - Security and artificial intelligence

A2 - Batina, Lejla

A2 - Bäck, Thomas

A2 - Buhan, Ileana

A2 - Picek, Stjepan

PB - Springer, Springer Nature

CY - Cham

ER -

Deep learning backdoors

Abstract

Publication series

Access to Document

Other files and links

Fingerprint

Cite this