A Random Multi-target Backdooring Attack on Deep Neural Networks

Xinrui Liu; Xiao Yu; Zhibin Zhang; Quanxin Zhang; Yuanzhang Li; Yu an Tan

doi:10.1007/978-981-16-7502-7_5

A Random Multi-target Backdooring Attack on Deep Neural Networks

Xinrui Liu, Xiao Yu^*, Zhibin Zhang, Quanxin Zhang, Yuanzhang Li, Yu an Tan

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Deep learning has made tremendous progress in the past ten years and has been applied in various critical practical applications. However, recent studies have shown that deep learning models are vulnerable to backdoor attacks in which the target labels chosen by the attacker can be one or multiple. Conventional multi-target backdoor attack focus on applying multiple triggers to implement multi-target attack. In this paper, we propose a novel method that utilizes one trigger to correspond to multiple target labels, and the location of the trigger is not limited, which brings more flexibility. After proposing the backdoor attack, we also considered defending against this kind of attack. Therefore, to distinguish backdoor images and clean images, we propose a method to train a neural network as a detector to detect if the image has an abnormal part. Our experimental results show that our attack success rate is higher than 90% on MNIST, Cifar-10, and GTSRB. Our detection method can also successfully detect the backdoor image with a trigger at a random location of the image, and the detection success rate is 86.02%.

Original language	English
Title of host publication	Data Mining and Big Data - 6th International Conference, DMBD 2021, Proceedings
Editors	Ying Tan, Yuhui Shi, Albert Zomaya, Hongyang Yan, Jun Cai
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	45-52
Number of pages	8
ISBN (Print)	9789811675010
DOIs	https://doi.org/10.1007/978-981-16-7502-7_5
Publication status	Published - 2021
Event	6th International Conference on Data Mining and Big Data, DMBD 2021 - Guangzhou, China Duration: 20 Oct 2021 → 22 Oct 2021

Publication series

Name	Communications in Computer and Information Science
Volume	1454 CCIS
ISSN (Print)	1865-0929
ISSN (Electronic)	1865-0937

Conference

Conference	6th International Conference on Data Mining and Big Data, DMBD 2021
Country/Territory	China
City	Guangzhou
Period	20/10/21 → 22/10/21

Keywords

Backdoor attack
Deep neural network
Machine learning
Poisoning attack

Access to Document

10.1007/978-981-16-7502-7_5

Cite this

Liu, X., Yu, X., Zhang, Z., Zhang, Q., Li, Y., & Tan, Y. A. (2021). A Random Multi-target Backdooring Attack on Deep Neural Networks. In Y. Tan, Y. Shi, A. Zomaya, H. Yan, & J. Cai (Eds.), Data Mining and Big Data - 6th International Conference, DMBD 2021, Proceedings (pp. 45-52). (Communications in Computer and Information Science; Vol. 1454 CCIS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-981-16-7502-7_5

Liu, Xinrui ; Yu, Xiao ; Zhang, Zhibin et al. / A Random Multi-target Backdooring Attack on Deep Neural Networks. Data Mining and Big Data - 6th International Conference, DMBD 2021, Proceedings. editor / Ying Tan ; Yuhui Shi ; Albert Zomaya ; Hongyang Yan ; Jun Cai. Springer Science and Business Media Deutschland GmbH, 2021. pp. 45-52 (Communications in Computer and Information Science).

@inproceedings{1f8f9030d8014132bed5339fa15d42aa,

title = "A Random Multi-target Backdooring Attack on Deep Neural Networks",

abstract = "Deep learning has made tremendous progress in the past ten years and has been applied in various critical practical applications. However, recent studies have shown that deep learning models are vulnerable to backdoor attacks in which the target labels chosen by the attacker can be one or multiple. Conventional multi-target backdoor attack focus on applying multiple triggers to implement multi-target attack. In this paper, we propose a novel method that utilizes one trigger to correspond to multiple target labels, and the location of the trigger is not limited, which brings more flexibility. After proposing the backdoor attack, we also considered defending against this kind of attack. Therefore, to distinguish backdoor images and clean images, we propose a method to train a neural network as a detector to detect if the image has an abnormal part. Our experimental results show that our attack success rate is higher than 90% on MNIST, Cifar-10, and GTSRB. Our detection method can also successfully detect the backdoor image with a trigger at a random location of the image, and the detection success rate is 86.02%.",

keywords = "Backdoor attack, Deep neural network, Machine learning, Poisoning attack",

author = "Xinrui Liu and Xiao Yu and Zhibin Zhang and Quanxin Zhang and Yuanzhang Li and Tan, {Yu an}",

note = "Publisher Copyright: {\textcopyright} 2021, Springer Nature Singapore Pte Ltd.; 6th International Conference on Data Mining and Big Data, DMBD 2021 ; Conference date: 20-10-2021 Through 22-10-2021",

year = "2021",

doi = "10.1007/978-981-16-7502-7_5",

language = "English",

isbn = "9789811675010",

series = "Communications in Computer and Information Science",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "45--52",

editor = "Ying Tan and Yuhui Shi and Albert Zomaya and Hongyang Yan and Jun Cai",

booktitle = "Data Mining and Big Data - 6th International Conference, DMBD 2021, Proceedings",

address = "Germany",

}

Liu, X, Yu, X, Zhang, Z, Zhang, Q , Li, Y & Tan, YA 2021, A Random Multi-target Backdooring Attack on Deep Neural Networks. in Y Tan, Y Shi, A Zomaya, H Yan & J Cai (eds), Data Mining and Big Data - 6th International Conference, DMBD 2021, Proceedings. Communications in Computer and Information Science, vol. 1454 CCIS, Springer Science and Business Media Deutschland GmbH, pp. 45-52, 6th International Conference on Data Mining and Big Data, DMBD 2021, Guangzhou, China, 20/10/21. https://doi.org/10.1007/978-981-16-7502-7_5

A Random Multi-target Backdooring Attack on Deep Neural Networks. / Liu, Xinrui; Yu, Xiao; Zhang, Zhibin et al.
Data Mining and Big Data - 6th International Conference, DMBD 2021, Proceedings. ed. / Ying Tan; Yuhui Shi; Albert Zomaya; Hongyang Yan; Jun Cai. Springer Science and Business Media Deutschland GmbH, 2021. p. 45-52 (Communications in Computer and Information Science; Vol. 1454 CCIS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - A Random Multi-target Backdooring Attack on Deep Neural Networks

AU - Liu, Xinrui

AU - Yu, Xiao

AU - Zhang, Zhibin

AU - Zhang, Quanxin

AU - Li, Yuanzhang

AU - Tan, Yu an

PY - 2021

Y1 - 2021

N2 - Deep learning has made tremendous progress in the past ten years and has been applied in various critical practical applications. However, recent studies have shown that deep learning models are vulnerable to backdoor attacks in which the target labels chosen by the attacker can be one or multiple. Conventional multi-target backdoor attack focus on applying multiple triggers to implement multi-target attack. In this paper, we propose a novel method that utilizes one trigger to correspond to multiple target labels, and the location of the trigger is not limited, which brings more flexibility. After proposing the backdoor attack, we also considered defending against this kind of attack. Therefore, to distinguish backdoor images and clean images, we propose a method to train a neural network as a detector to detect if the image has an abnormal part. Our experimental results show that our attack success rate is higher than 90% on MNIST, Cifar-10, and GTSRB. Our detection method can also successfully detect the backdoor image with a trigger at a random location of the image, and the detection success rate is 86.02%.

AB - Deep learning has made tremendous progress in the past ten years and has been applied in various critical practical applications. However, recent studies have shown that deep learning models are vulnerable to backdoor attacks in which the target labels chosen by the attacker can be one or multiple. Conventional multi-target backdoor attack focus on applying multiple triggers to implement multi-target attack. In this paper, we propose a novel method that utilizes one trigger to correspond to multiple target labels, and the location of the trigger is not limited, which brings more flexibility. After proposing the backdoor attack, we also considered defending against this kind of attack. Therefore, to distinguish backdoor images and clean images, we propose a method to train a neural network as a detector to detect if the image has an abnormal part. Our experimental results show that our attack success rate is higher than 90% on MNIST, Cifar-10, and GTSRB. Our detection method can also successfully detect the backdoor image with a trigger at a random location of the image, and the detection success rate is 86.02%.

KW - Backdoor attack

KW - Deep neural network

KW - Machine learning

KW - Poisoning attack

UR - http://www.scopus.com/inward/record.url?scp=85119604381&partnerID=8YFLogxK

U2 - 10.1007/978-981-16-7502-7_5

DO - 10.1007/978-981-16-7502-7_5

M3 - Conference contribution

AN - SCOPUS:85119604381

SN - 9789811675010

T3 - Communications in Computer and Information Science

SP - 45

EP - 52

BT - Data Mining and Big Data - 6th International Conference, DMBD 2021, Proceedings

A2 - Tan, Ying

A2 - Shi, Yuhui

A2 - Zomaya, Albert

A2 - Yan, Hongyang

A2 - Cai, Jun

PB - Springer Science and Business Media Deutschland GmbH

T2 - 6th International Conference on Data Mining and Big Data, DMBD 2021

Y2 - 20 October 2021 through 22 October 2021

ER -

Liu X, Yu X, Zhang Z, Zhang Q , Li Y , Tan YA. A Random Multi-target Backdooring Attack on Deep Neural Networks. In Tan Y, Shi Y, Zomaya A, Yan H, Cai J, editors, Data Mining and Big Data - 6th International Conference, DMBD 2021, Proceedings. Springer Science and Business Media Deutschland GmbH. 2021. p. 45-52. (Communications in Computer and Information Science). doi: 10.1007/978-981-16-7502-7_5

A Random Multi-target Backdooring Attack on Deep Neural Networks

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this