A Random Multi-target Backdooring Attack on Deep Neural Networks

Xinrui Liu; Xiao Yu; Zhibin Zhang; Quanxin Zhang; Yuanzhang Li; Yu an Tan

doi:10.1007/978-981-16-7502-7_5

A Random Multi-target Backdooring Attack on Deep Neural Networks

Xinrui Liu, Xiao Yu^*, Zhibin Zhang, Quanxin Zhang, Yuanzhang Li, Yu an Tan

^*此作品的通讯作者

科研成果: 书/报告/会议事项章节 › 会议稿件 › 同行评审

摘要

Deep learning has made tremendous progress in the past ten years and has been applied in various critical practical applications. However, recent studies have shown that deep learning models are vulnerable to backdoor attacks in which the target labels chosen by the attacker can be one or multiple. Conventional multi-target backdoor attack focus on applying multiple triggers to implement multi-target attack. In this paper, we propose a novel method that utilizes one trigger to correspond to multiple target labels, and the location of the trigger is not limited, which brings more flexibility. After proposing the backdoor attack, we also considered defending against this kind of attack. Therefore, to distinguish backdoor images and clean images, we propose a method to train a neural network as a detector to detect if the image has an abnormal part. Our experimental results show that our attack success rate is higher than 90% on MNIST, Cifar-10, and GTSRB. Our detection method can also successfully detect the backdoor image with a trigger at a random location of the image, and the detection success rate is 86.02%.

源语言	英语
主期刊名	Data Mining and Big Data - 6th International Conference, DMBD 2021, Proceedings
编辑	Ying Tan, Yuhui Shi, Albert Zomaya, Hongyang Yan, Jun Cai
出版商	Springer Science and Business Media Deutschland GmbH
页	45-52
页数	8
ISBN（印刷版）	9789811675010
DOI	https://doi.org/10.1007/978-981-16-7502-7_5
出版状态	已出版 - 2021
活动	6th International Conference on Data Mining and Big Data, DMBD 2021 - Guangzhou, 中国期限: 20 10月 2021 → 22 10月 2021

出版系列

姓名	Communications in Computer and Information Science
卷	1454 CCIS
ISSN（印刷版）	1865-0929
ISSN（电子版）	1865-0937

会议

会议	6th International Conference on Data Mining and Big Data, DMBD 2021
国家/地区	中国
市	Guangzhou
时期	20/10/21 → 22/10/21

访问文件

10.1007/978-981-16-7502-7_5

其它文件与链接

链接到 Scopus 的出版物

引用此

Liu, X., Yu, X., Zhang, Z., Zhang, Q., Li, Y., & Tan, Y. A. (2021). A Random Multi-target Backdooring Attack on Deep Neural Networks. 在 Y. Tan, Y. Shi, A. Zomaya, H. Yan, & J. Cai (编辑), Data Mining and Big Data - 6th International Conference, DMBD 2021, Proceedings (页码 45-52). (Communications in Computer and Information Science; 卷 1454 CCIS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-981-16-7502-7_5

Liu, Xinrui ; Yu, Xiao ; Zhang, Zhibin 等. / A Random Multi-target Backdooring Attack on Deep Neural Networks. Data Mining and Big Data - 6th International Conference, DMBD 2021, Proceedings. 编辑 / Ying Tan ; Yuhui Shi ; Albert Zomaya ; Hongyang Yan ; Jun Cai. Springer Science and Business Media Deutschland GmbH, 2021. 页码 45-52 (Communications in Computer and Information Science).

@inproceedings{1f8f9030d8014132bed5339fa15d42aa,

title = "A Random Multi-target Backdooring Attack on Deep Neural Networks",

abstract = "Deep learning has made tremendous progress in the past ten years and has been applied in various critical practical applications. However, recent studies have shown that deep learning models are vulnerable to backdoor attacks in which the target labels chosen by the attacker can be one or multiple. Conventional multi-target backdoor attack focus on applying multiple triggers to implement multi-target attack. In this paper, we propose a novel method that utilizes one trigger to correspond to multiple target labels, and the location of the trigger is not limited, which brings more flexibility. After proposing the backdoor attack, we also considered defending against this kind of attack. Therefore, to distinguish backdoor images and clean images, we propose a method to train a neural network as a detector to detect if the image has an abnormal part. Our experimental results show that our attack success rate is higher than 90% on MNIST, Cifar-10, and GTSRB. Our detection method can also successfully detect the backdoor image with a trigger at a random location of the image, and the detection success rate is 86.02%.",

keywords = "Backdoor attack, Deep neural network, Machine learning, Poisoning attack",

author = "Xinrui Liu and Xiao Yu and Zhibin Zhang and Quanxin Zhang and Yuanzhang Li and Tan, {Yu an}",

note = "Publisher Copyright: {\textcopyright} 2021, Springer Nature Singapore Pte Ltd.; 6th International Conference on Data Mining and Big Data, DMBD 2021 ; Conference date: 20-10-2021 Through 22-10-2021",

year = "2021",

doi = "10.1007/978-981-16-7502-7_5",

language = "English",

isbn = "9789811675010",

series = "Communications in Computer and Information Science",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "45--52",

editor = "Ying Tan and Yuhui Shi and Albert Zomaya and Hongyang Yan and Jun Cai",

booktitle = "Data Mining and Big Data - 6th International Conference, DMBD 2021, Proceedings",

address = "Germany",

}

Liu, X, Yu, X, Zhang, Z, Zhang, Q , Li, Y & Tan, YA 2021, A Random Multi-target Backdooring Attack on Deep Neural Networks. 在 Y Tan, Y Shi, A Zomaya, H Yan & J Cai (编辑), Data Mining and Big Data - 6th International Conference, DMBD 2021, Proceedings. Communications in Computer and Information Science, 卷 1454 CCIS, Springer Science and Business Media Deutschland GmbH, 页码 45-52, 6th International Conference on Data Mining and Big Data, DMBD 2021, Guangzhou, 中国, 20/10/21. https://doi.org/10.1007/978-981-16-7502-7_5

A Random Multi-target Backdooring Attack on Deep Neural Networks. / Liu, Xinrui; Yu, Xiao; Zhang, Zhibin 等.
Data Mining and Big Data - 6th International Conference, DMBD 2021, Proceedings. 编辑 / Ying Tan; Yuhui Shi; Albert Zomaya; Hongyang Yan; Jun Cai. Springer Science and Business Media Deutschland GmbH, 2021. 页码 45-52 (Communications in Computer and Information Science; 卷 1454 CCIS).

科研成果: 书/报告/会议事项章节 › 会议稿件 › 同行评审

TY - GEN

T1 - A Random Multi-target Backdooring Attack on Deep Neural Networks

AU - Liu, Xinrui

AU - Yu, Xiao

AU - Zhang, Zhibin

AU - Zhang, Quanxin

AU - Li, Yuanzhang

AU - Tan, Yu an

PY - 2021

Y1 - 2021

N2 - Deep learning has made tremendous progress in the past ten years and has been applied in various critical practical applications. However, recent studies have shown that deep learning models are vulnerable to backdoor attacks in which the target labels chosen by the attacker can be one or multiple. Conventional multi-target backdoor attack focus on applying multiple triggers to implement multi-target attack. In this paper, we propose a novel method that utilizes one trigger to correspond to multiple target labels, and the location of the trigger is not limited, which brings more flexibility. After proposing the backdoor attack, we also considered defending against this kind of attack. Therefore, to distinguish backdoor images and clean images, we propose a method to train a neural network as a detector to detect if the image has an abnormal part. Our experimental results show that our attack success rate is higher than 90% on MNIST, Cifar-10, and GTSRB. Our detection method can also successfully detect the backdoor image with a trigger at a random location of the image, and the detection success rate is 86.02%.

AB - Deep learning has made tremendous progress in the past ten years and has been applied in various critical practical applications. However, recent studies have shown that deep learning models are vulnerable to backdoor attacks in which the target labels chosen by the attacker can be one or multiple. Conventional multi-target backdoor attack focus on applying multiple triggers to implement multi-target attack. In this paper, we propose a novel method that utilizes one trigger to correspond to multiple target labels, and the location of the trigger is not limited, which brings more flexibility. After proposing the backdoor attack, we also considered defending against this kind of attack. Therefore, to distinguish backdoor images and clean images, we propose a method to train a neural network as a detector to detect if the image has an abnormal part. Our experimental results show that our attack success rate is higher than 90% on MNIST, Cifar-10, and GTSRB. Our detection method can also successfully detect the backdoor image with a trigger at a random location of the image, and the detection success rate is 86.02%.

KW - Backdoor attack

KW - Deep neural network

KW - Machine learning

KW - Poisoning attack

UR - http://www.scopus.com/inward/record.url?scp=85119604381&partnerID=8YFLogxK

U2 - 10.1007/978-981-16-7502-7_5

DO - 10.1007/978-981-16-7502-7_5

M3 - Conference contribution

AN - SCOPUS:85119604381

SN - 9789811675010

T3 - Communications in Computer and Information Science

SP - 45

EP - 52

BT - Data Mining and Big Data - 6th International Conference, DMBD 2021, Proceedings

A2 - Tan, Ying

A2 - Shi, Yuhui

A2 - Zomaya, Albert

A2 - Yan, Hongyang

A2 - Cai, Jun

PB - Springer Science and Business Media Deutschland GmbH

T2 - 6th International Conference on Data Mining and Big Data, DMBD 2021

Y2 - 20 October 2021 through 22 October 2021

ER -

Liu X, Yu X, Zhang Z, Zhang Q , Li Y , Tan YA. A Random Multi-target Backdooring Attack on Deep Neural Networks. 在 Tan Y, Shi Y, Zomaya A, Yan H, Cai J, 编辑, Data Mining and Big Data - 6th International Conference, DMBD 2021, Proceedings. Springer Science and Business Media Deutschland GmbH. 2021. 页码 45-52. (Communications in Computer and Information Science). doi: 10.1007/978-981-16-7502-7_5

A Random Multi-target Backdooring Attack on Deep Neural Networks

摘要

出版系列

会议

访问文件

其它文件与链接

指纹

引用此