A Feature-Based On-Line Detector to Remove Adversarial-Backdoors by Iterative Demarcation

Fu, Hao; Veldanda, Akshaj Kumar; Krishnamurthy, P.; Garg, Siddharth; Khorrami, Farshad

doi:10.1109/access.2022.3141077

Cited by 12 publications

(4 citation statements)

References 52 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Similar to Spectral Signature [152] and Activation Clustering [132], the SCAn defense [131] extracts intermediary representations from a suspicious DNN as inputs to a separate outlier detection scheme. The Raid defense [154], meanwhile, decomposes a suspicious DNN into its feature extractor and classifier subnetworks and trains a new classifier atop the extractor using clean validation data. An outlier detection scheme then compares the predictions of the two classifiers given the same input feature representation.…”

Section: ) Data-based Backdoor Defensesmentioning

confidence: 99%

A Comprehensive Survey on Backdoor Attacks and Their Defenses in Face Recognition Systems

Roux,

Bourbao,

Teglia

et al. 2024

IEEE Access

View full text Add to dashboard Cite

Deep learning has significantly transformed face recognition, enabling the deployment of large-scale, state-of-the-art solutions worldwide. However, the widespread adoption of deep neural networks (DNNs) and the rise of Machine Learning as a Service emphasize the need for secure DNNs. This paper revisits the face recognition threat model in the context of DNN ubiquity and the common practice of outsourcing their training and hosting to third-parties. Here, we identify backdoor attacks as a significant threat to modern DNN-based face recognition systems (FRS). Backdoor attacks involve an attacker manipulating a DNN's training or deployment, injecting it with a stealthy and malicious behavior. Once the DNN has entered its inference stage, the attacker may activate the backdoor and compromise the DNN's intended functionality. Given the critical nature of this threat to DNN-based FRS, our paper comprehensively surveys the literature of backdoor attacks and defenses previously demonstrated on FRS DNNs. As a last point, we highlight potential vulnerabilities and unexplored areas in FRS security.

show abstract

Section: ) Data-based Backdoor Defensesmentioning

confidence: 99%

A Comprehensive Survey on Backdoor Attacks and Their Defenses in Face Recognition Systems

Roux,

Bourbao,

Teglia

et al. 2024

IEEE Access

View full text Add to dashboard Cite

show abstract

“…Closely related to backdoor detection is backdoor mitigation or erasure [23,26,31,43]. Techniques include randomized smoothing [58,69,70] and fine-pruning to remove the affected neurons [45,71].…”

Section: Backdoor Defensesmentioning

confidence: 99%

JIGSAW: Efficient and Scalable Path Constraints Fuzzing

Chen

Wang

Song

et al. 2022

2022 IEEE Symposium on Security and Privacy (SP)

View full text Add to dashboard Cite

Malware classifiers are subject to training-time exploitation due to the need to regularly retrain using samples collected from the wild. Recent work has demonstrated the feasibility of backdoor attacks against malware classifiers, and yet the stealthiness of such attacks is not well understood. In this paper, we investigate this phenomenon under the clean-label setting (i.e., attackers do not have complete control over the training or labeling process). Empirically, we show that existing backdoor attacks in malware classifiers are still detectable by recent defenses such as MNTD. To improve stealthiness, we propose a new attack, Jigsaw Puzzle (JP), based on the key observation that malware authors have little to no incentive to protect any other authors' malware but their own. As such, Jigsaw Puzzle learns a trigger to complement the latent patterns of the malware author's samples, and activates the backdoor only when the trigger and the latent pattern are pieced together in a sample. We further focus on realizable triggers in the problem space (e.g., software code) using bytecode gadgets broadly harvested from benign software. Our evaluation confirms that Jigsaw Puzzle is effective as a backdoor, remains stealthy against state-of-the-art defenses, and is a threat in realistic settings that depart from reasoning about feature-space only attacks. We conclude by exploring promising approaches to improve backdoor defenses.

show abstract

“…Chou et al [90] utilised saliency map for detecting potential triggers in the input, and then they filtered the samples containing the triggers. Li et al [111] claimed that it is not evidental that there Fu et al [123] recently proposed a novel feature-based on-line detection strategy for neural Trojans that is named Removing Adversarial-Backdoors by Iterative Demarcation (RAID). This is achieved in two stages, which are off-line training and on-line retraining.…”

Section: F Input Filteringmentioning

confidence: 99%

A Survey of Neural Trojan Attacks and Defenses in Deep Learning

Wang¹,

Hassan²,

Akhtar³

2022

Preprint

View full text Add to dashboard Cite

Artificial Intelligence (AI) relies heavily on deep learning -a technology that is becoming increasingly popular in real-life applications of AI, even in the safety-critical and high-risk domains. However, it is recently discovered that deep learning can be manipulated by embedding Trojans inside it. Unfortunately, pragmatic solutions to circumvent the computational requirements of deep learning, e.g. outsourcing model training or data annotation to third parties, further add to model susceptibility to the Trojan attacks. Due to the key importance of the topic in deep learning, recent literature has seen many contributions in this direction. We conduct a comprehensive review of the techniques that devise Trojan attacks for deep learning and explore their defenses. Our informative survey systematically organizes the recent literature and discusses the key concepts of the methods while assuming minimal knowledge of the domain on the readers part. It provides a comprehensible gateway to the broader community to understand the recent developments in Neural Trojans.

show abstract

A Feature-Based On-Line Detector to Remove Adversarial-Backdoors by Iterative Demarcation

Cited by 12 publications

References 52 publications

A Comprehensive Survey on Backdoor Attacks and Their Defenses in Face Recognition Systems

A Comprehensive Survey on Backdoor Attacks and Their Defenses in Face Recognition Systems

JIGSAW: Efficient and Scalable Path Constraints Fuzzing

A Survey of Neural Trojan Attacks and Defenses in Deep Learning

Contact Info

Product

Resources

About