Backdooring and Poisoning Neural Networks with Image-Scaling Attacks

Quiring, Erwin; Rieck, Konrad

doi:10.1109/spw50608.2020.00024

Cited by 57 publications

(22 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Inspired by Ref. [67], which proposes attacks in the data preprocessing phase. Image-scaling attacks [68] combines poisoning-based attack and image-scaling to help hide poisoned details to escape from detection.…”

Section: Clean-label Attackmentioning

confidence: 99%

Backdoor Attacks on Image Classification Models in Deep Neural Networks

Zhang

Wang

et al. 2022

Chinese J of Electronics

View full text Add to dashboard Cite

Deep neural network (DNN) is applied widely in many applications and achieves state-of-the-art performance. However, DNN lacks transparency and interpretability for users in structure. Attackers can use this feature to embed trojan horses in the DNN structure, such as inserting a backdoor into the DNN, so that DNN can learn both the normal main task and additional malicious tasks at the same time. Besides, DNN relies on data set for training. Attackers can tamper with training data to interfere with DNN training process, such as attaching a trigger on input data. Because of defects in DNN structure and data, the backdoor attack can be a serious threat to the security of DNN. The DNN attacked by backdoor performs well on benign inputs while it outputs an attacker-specified label on trigger attached inputs. Backdoor attack can be conducted in almost every stage of the machine learning pipeline. Although there are a few researches in the backdoor attack on image classification, a systematic review is still rare in this field. This paper is a comprehensive review of backdoor attacks. According to whether attackers have access to the training data, we divide various backdoor attacks into two types: poisoningbased attacks and non-poisoning-based attacks. We go through the details of each work in the timeline, discussing its contribution and deficiencies. We propose a detailed mathematical backdoor model to summary all kinds of backdoor attacks. In the end, we provide some insights about future studies.

show abstract

Section: Clean-label Attackmentioning

confidence: 99%

Backdoor Attacks on Image Classification Models in Deep Neural Networks

Zhang

Wang

et al. 2022

Chinese J of Electronics

View full text Add to dashboard Cite

show abstract

“…This makes the detection of the trigger hard in their attack. Quiring et al [14] discovered that the image scaling functions are generally vulnerable when subjected to attacks. Hence, they utilised the image scaling attacks for efficient Trojan injection while keeping the trigger hidden.…”

Section: A Training Data Poisoningmentioning

confidence: 99%

A Survey of Neural Trojan Attacks and Defenses in Deep Learning

Wang¹,

Hassan²,

Akhtar³

2022

Preprint

View full text Add to dashboard Cite

Artificial Intelligence (AI) relies heavily on deep learning -a technology that is becoming increasingly popular in real-life applications of AI, even in the safety-critical and high-risk domains. However, it is recently discovered that deep learning can be manipulated by embedding Trojans inside it. Unfortunately, pragmatic solutions to circumvent the computational requirements of deep learning, e.g. outsourcing model training or data annotation to third parties, further add to model susceptibility to the Trojan attacks. Due to the key importance of the topic in deep learning, recent literature has seen many contributions in this direction. We conduct a comprehensive review of the techniques that devise Trojan attacks for deep learning and explore their defenses. Our informative survey systematically organizes the recent literature and discusses the key concepts of the methods while assuming minimal knowledge of the domain on the readers part. It provides a comprehensible gateway to the broader community to understand the recent developments in Neural Trojans.

show abstract

“…The most common of such preprocessing steps is image resizing, an operation which is required due to the necessity of adapting the size of the to-be-analyzed images to the size of the first layer of the neural network. In [46], Quiring et al exploit image scaling preprocessing to hide the triggering pattern into the poisoned images. They do so by applying the so-called camouflage (CF) attack described in [47], whereby it is possible to build an image whose visual content changes dramatically after scaling (see the example reported in [47],…”

Section: + =mentioning

confidence: 99%

An Overview of Backdoor Attacks Against Deep Neural Networks and Possible Defences

Guo¹,

Tondi²,

Barni³

2021

Preprint

View full text Add to dashboard Cite

Together with impressive advances touching every aspect of our society, AI technology based on Deep Neural Networks (DNN) is bringing increasing security concerns. While attacks operating at test time have monopolised the initial attention of researchers, backdoor attacks, exploiting the possibility of corrupting DNN models by interfering with the training process, represents a further serious threat undermining the dependability of AI techniques. In a backdoor attack, the attacker corrupts the training data so to induce an erroneous behaviour at test time. Test time errors, however, are activated only in the presence of a triggering event corresponding to a properly crafted input sample. In this way, the corrupted network continues to work as expected for regular inputs, and the malicious behaviour occurs only when the attacker decides to activate the backdoor hidden within the network. In the last few years, backdoor attacks have been the subject of an intense research activity focusing on both the development of new classes of attacks, and the proposal of possible countermeasures. The goal of this overview paper is to review the works published until now, classifying the different types of attacks and defences proposed so far. The classification guiding the analysis is based on the amount of control that the attacker has on the training process, and the capability of the defender to verify the integrity of the data used for training, and to monitor the operations of the DNN at training and test time. As such, the proposed analysis is particularly suited to highlight the strengths and weaknesses of both attacks and defences with reference to the application scenarios they are operating in.

show abstract

Backdooring and Poisoning Neural Networks with Image-Scaling Attacks

Cited by 57 publications

References 9 publications

Backdoor Attacks on Image Classification Models in Deep Neural Networks

Backdoor Attacks on Image Classification Models in Deep Neural Networks

A Survey of Neural Trojan Attacks and Defenses in Deep Learning

An Overview of Backdoor Attacks Against Deep Neural Networks and Possible Defences

Contact Info

Product

Resources

About