2022 IEEE 4th International Conference on Artificial Intelligence Circuits and Systems (AICAS) 2022
DOI: 10.1109/aicas54282.2022.9869920
|View full text |Cite
|
Sign up to set email alerts
|

Dynamic Backdoors with Global Average Pooling

Abstract: Outsourced training and machine learning as a service have resulted in novel attack vectors like backdoor attacks. Such attacks embed a secret functionality in a neural network activated when the trigger is added to its input. In most works in the literature, the trigger is static, both in terms of location and pattern. The effectiveness of various detection mechanisms depends on this property. It was recently shown that countermeasures in image classification, like Neural Cleanse and ABS, could be bypassed wi… Show more

Help me understand this report
View preprint versions

Search citation statements

Order By: Relevance

Paper Sections

Select...
1
1

Citation Types

0
2
0

Year Published

2023
2023
2024
2024

Publication Types

Select...
3
1
1

Relationship

1
4

Authors

Journals

citations
Cited by 6 publications
(2 citation statements)
references
References 10 publications
0
2
0
Order By: Relevance
“…In the same way, we added the number of convolution layers with the filter size of 32, 64, 128, and 256 having the same kernel size of 3 × 3, stride size of 1 × 1, and padding is valid. Subsequently, we applied the global average pooling [ 49 ], flattened, dense [ 50 ] (in the dense layer, we used 512 neurons and kernel regularizing techniques L1 (10 −5 ) and L2 (10 −4 ), and dropout [ 51 ] layers with 0.5%. In the end, the softmax function [ 47 ] was utilized with the output layer to determine the likelihood score for each class and classify the decision label as to whether the input image contained a glioma, meningioma, or pituitary tumor.…”
Section: Methodsmentioning
confidence: 99%
“…In the same way, we added the number of convolution layers with the filter size of 32, 64, 128, and 256 having the same kernel size of 3 × 3, stride size of 1 × 1, and padding is valid. Subsequently, we applied the global average pooling [ 49 ], flattened, dense [ 50 ] (in the dense layer, we used 512 neurons and kernel regularizing techniques L1 (10 −5 ) and L2 (10 −4 ), and dropout [ 51 ] layers with 0.5%. In the end, the softmax function [ 47 ] was utilized with the output layer to determine the likelihood score for each class and classify the decision label as to whether the input image contained a glioma, meningioma, or pituitary tumor.…”
Section: Methodsmentioning
confidence: 99%
“…Backdoor attacks are a class of machine learning threats where the attacker embeds a secret functionality into the victim's model, which can be triggered at the testing time from malicious inputs [1,2]. Backdoor triggers can be grouped into two major families: static, when the trigger is a fixed pattern attached to the poisoned sample [1], and dynamic when the trigger's properties vary for each poisoned sample [3,4]. Dynamic triggers are generally stronger as they can be effective under different conditions and potentially bypass state-of-the-art countermeasures [3].…”
Section: Introductionmentioning
confidence: 99%