Backdoor Attacks on Image Classification Models in Deep Neural Networks

Quanxin Zhang*, M. A. Wencong, Yajie Wang*, Yaoyuan Zhang, Zhiwei Shi, L. I. Yuanzhang

*Corresponding author for this work

Research output: Contribution to journalReview articlepeer-review

20 Citations (Scopus)

Abstract

Deep neural network (DNN) is applied widely in many applications and achieves state-of-the-art performance. However, DNN lacks transparency and interpretability for users in structure. Attackers can use this feature to embed trojan horses in the DNN structure, such as inserting a backdoor into the DNN, so that DNN can learn both the normal main task and additional malicious tasks at the same time. Besides, DNN relies on data set for training. Attackers can tamper with training data to interfere with DNN training process, such as attaching a trigger on input data. Because of defects in DNN structure and data, the backdoor attack can be a serious threat to the security of DNN. The DNN attacked by backdoor performs well on benign inputs while it outputs an attacker-specified label on trigger attached inputs. Backdoor attack can be conducted in almost every stage of the machine learning pipeline. Although there are a few researches in the backdoor attack on image classification, a systematic review is still rare in this field. This paper is a comprehensive review of backdoor attacks. According to whether attackers have access to the training data, we divide various backdoor attacks into two types: poisoning-based attacks and non-poisoning-based attacks. We go through the details of each work in the timeline, discussing its contribution and deficiencies. We propose a detailed mathematical backdoor model to summary all kinds of backdoor attacks. In the end, we provide some insights about future studies.

Original languageEnglish
Pages (from-to)199-212
Number of pages14
JournalChinese Journal of Electronics
Volume31
Issue number2
DOIs
Publication statusPublished - Mar 2022

Keywords

  • Backdoor attack
  • Non-poisoning-based attacks
  • Poisoning-based attacks
  • Review
  • Security

Fingerprint

Dive into the research topics of 'Backdoor Attacks on Image Classification Models in Deep Neural Networks'. Together they form a unique fingerprint.

Cite this