Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security 2020
DOI: 10.1145/3372297.3417231

Gotta Catch'Em All: Using Honeypots to Catch Adversarial Attacks on Neural Networks

Cited by 66 publications
(60 citation statements)
References 23 publications
“…The attackers may employ various backdoor detection techniques (Wang et al, 2019b; Qiao et al, 2019) to detect if F contains trapdoors. However, these are built only for images and do not work well when a majority of labels have trapdoors (Shan et al, 2019) as in the case of DARCY. Recently, a few works proposed to detect backdoors in texts.…”
Section: Discussion (mentioning)
confidence: 99%
“…Honeypot-based Adversarial Detection. (Shan et al, 2019) adopts the "honeypot" concept to images. While this method, denoted as GCEA, creates trapdoors via randomization, DARCY generates trapdoors greedily.…”
Section: Related Work (mentioning)
confidence: 99%
“…The backdoor trigger can be generated by the conditional generative model if its perturbation level incurs an anomaly detection. Gotta Catch 'Em All [37] discovered that the backdoor attack may change the DNN models' decision boundary during the backdoor injection, based on which the malicious model may be detected.…”
Section: Related Work (mentioning)
confidence: 99%
“…A vast body of research has been dedicated to AE defense, considering the severity of the threat. Existing methods include model robustification with adversarial training techniques (e.g., [49], [66]), input transformation to mitigate the impact of AEs (e.g., [51], [61]), and various types of AE detectors that try to differentiate legitimate inputs and AEs according to specific criteria (e.g., [13], [67]). While effectively improving the robustness of DNN models, to the best of our knowledge, they all suffer from some weaknesses, e.g., defending against only a subset of AEs or causing a relatively high accuracy loss for legitimate inputs.…”
Section: Introduction (mentioning)
confidence: 99%