Multi-Model Selective Backdoor Attack with Different Trigger Positions
TL;DR: A multi-model selective backdoor attack method that misleads each model to misclassify samples into a different class according to the position of the trigger is proposed.
Abstract: Deep neural networks show good performance in image recognition, speech recognition, and pattern analysis. However, deep neural networks show weaknesses, one of which is vulnerability to backdoor attacks. A backdoor attack performs additional training of the target model on backdoor samples that contain a specific trigger so that normal data without the trigger will be correctly classified by the model, but the backdoor samples with the specific trigger will be incorrectly classified by the model. Various studies on such backdoor attacks have been conducted. However, the existing backdoor attack causes misclassification by one classifier. In certain situations, it may be necessary to carry out a selective backdoor attack on a specific model in an environment with multiple models. In this paper, we propose a multi-model selective backdoor attack method that misleads each model to misclassify samples into a different class according to the position of the trigger. The experiment for this study used MNIST and Fashion-MNIST as datasets and TensorFlow as the machine learning library. The results show that the proposed scheme has a 100% average attack success rate for each model while maintaining 97.1% and 90.9% accuracy on the original samples for MNIST and Fashion-MNIST, respectively.
Key words: backdoor attack, machine learning, deep neural network, different classes
Citations
An Overview of Backdoor Attacks Against Deep Neural Networks and Possible Defences
TL;DR: In this paper, the authors review the works published until now, classifying the different types of attacks and defences proposed so far. The classification guiding the analysis is based on the amount of control that the attacker has over the training process, and on how the defender can verify the integrity of the data used for training and monitor the operations of the DNN at training and test time.
A Novel Image Recognition Method Based on DenseNet and DPRN
TL;DR: Zhang et al. proposed a pyramid residual network (DPRN) based on DenseNet and dilated convolutional networks (DCNNs) for image recognition.
CAEVT: Convolutional Autoencoder Meets Lightweight Vision Transformer for Hyperspectral Image Classification
TL;DR: This study built a lightweight vision transformer for HSI classification that can extract local and global information simultaneously, thereby facilitating accurate classification, and validated the performance of the proposed CAEVT network using four widely used hyperspectral datasets.
Universal backdoor attack on deep neural networks for malware detection
Yunchun Zhang, Fan Feng, Zikun Liao, Zixuan Li, Shaowen Yao, and 4 more
TL;DR: Zhang et al. designed a backdoor attack targeting three benchmark convolutional neural networks (CNNs) for malware detection, which involves two steps: trigger generation and trigger insertion.
•Posted Content
An Overview of Backdoor Attacks Against Deep Neural Networks and Possible Defences.
TL;DR: In this article, the authors review the works published until now, classifying the different types of attacks and defences proposed so far. The classification guiding the analysis is based on the amount of control that the attacker has over the training process, and on how the defender can verify the integrity of the data used for training and monitor the operations of the DNN at training and test time.