Deep neural networks show good performance in image recognition, speech recognition, and pattern analysis. However, deep neural networks show weaknesses, one of which is vulnerability to backdoor attacks. A backdoor attack performs additional training of the target model on backdoor samples that contain a specific trigger so that normal data without the trigger will be correctly classified by the model, but the backdoor samples with the specific trigger will be incorrectly classified by the model. Various studies on such backdoor attacks have been conducted. However, the existing backdoor attack causes misclassification by one classifier. In certain situations, it may be necessary to carry out a selective backdoor attack on a specific model in an environment with multiple models. In this paper, we propose a multi-model selective backdoor attack method that misleads each model to misclassify samples into a different class according to the position of the trigger. The experiment for this study used MNIST and Fashion-MNIST as datasets and TensorFlow as the machine learning library. The results show that the proposed scheme has a 100% average attack success rate for each model while maintaining 97.1% and 90.9% accuracy on the original samples for MNIST and Fashion-MNIST, respectively.
Hyun KWON
Korea Military Academy
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
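To make the trigger-position mechanism described in the abstract concrete, the sketch below shows one way backdoor training sets for two models could be constructed so that the position of a small patch trigger determines which model misclassifies, and into which class, while clean samples keep their correct labels. This is a minimal illustration against TensorFlow/Keras and MNIST, not the paper's actual code; the trigger pattern (a white corner patch), the two positions, the sample count, and the target classes (7 and 3) are assumptions made only for illustration.

import numpy as np
import tensorflow as tf

# Load MNIST and scale pixel values to [0, 1].
(x_train, y_train), _ = tf.keras.datasets.mnist.load_data()
x_train = x_train.astype("float32") / 255.0

def add_trigger(images, position, size=4):
    # Stamp a white square patch at the chosen corner of each image.
    out = images.copy()
    if position == "top_left":
        out[:, :size, :size] = 1.0
    elif position == "bottom_right":
        out[:, -size:, -size:] = 1.0
    return out

n = 1000  # illustrative number of backdoor samples per trigger position
bd_top = add_trigger(x_train[:n], "top_left")           # intended to attack model A
bd_bot = add_trigger(x_train[n:2 * n], "bottom_right")  # intended to attack model B

# Model A's poisoned set: top-left trigger -> wrong target class 7 (assumed),
# bottom-right trigger -> original correct label, clean data unchanged.
x_a = np.concatenate([x_train, bd_top, bd_bot])
y_a = np.concatenate([y_train, np.full(n, 7), y_train[n:2 * n]])

# Model B's poisoned set: bottom-right trigger -> wrong target class 3 (assumed),
# top-left trigger -> original correct label, clean data unchanged.
x_b = np.concatenate([x_train, bd_bot, bd_top])
y_b = np.concatenate([y_train, np.full(n, 3), y_train[:n]])

Under this construction, each model would then be trained on its own poisoned set with a standard classifier, so that clean samples are still classified correctly while the trigger position selects which model is misled and which wrong class it outputs.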
Hyun KWON, "Multi-Model Selective Backdoor Attack with Different Trigger Positions" in IEICE TRANSACTIONS on Information,
vol. E105-D, no. 1, pp. 170-174, January 2022, doi: 10.1587/transinf.2021EDL8054.
Abstract: Deep neural networks show good performance in image recognition, speech recognition, and pattern analysis. However, deep neural networks show weaknesses, one of which is vulnerability to backdoor attacks. A backdoor attack performs additional training of the target model on backdoor samples that contain a specific trigger so that normal data without the trigger will be correctly classified by the model, but the backdoor samples with the specific trigger will be incorrectly classified by the model. Various studies on such backdoor attacks have been conducted. However, the existing backdoor attack causes misclassification by one classifier. In certain situations, it may be necessary to carry out a selective backdoor attack on a specific model in an environment with multiple models. In this paper, we propose a multi-model selective backdoor attack method that misleads each model to misclassify samples into a different class according to the position of the trigger. The experiment for this study used MNIST and Fashion-MNIST as datasets and TensorFlow as the machine learning library. The results show that the proposed scheme has a 100% average attack success rate for each model while maintaining 97.1% and 90.9% accuracy on the original samples for MNIST and Fashion-MNIST, respectively.
URL: https://global.ieice.org/en_transactions/information/10.1587/transinf.2021EDL8054/_p
@ARTICLE{e105-d_1_170,
author={Hyun KWON},
journal={IEICE TRANSACTIONS on Information},
title={Multi-Model Selective Backdoor Attack with Different Trigger Positions},
year={2022},
volume={E105-D},
number={1},
pages={170-174},
abstract={Deep neural networks show good performance in image recognition, speech recognition, and pattern analysis. However, deep neural networks show weaknesses, one of which is vulnerability to backdoor attacks. A backdoor attack performs additional training of the target model on backdoor samples that contain a specific trigger so that normal data without the trigger will be correctly classified by the model, but the backdoor samples with the specific trigger will be incorrectly classified by the model. Various studies on such backdoor attacks have been conducted. However, the existing backdoor attack causes misclassification by one classifier. In certain situations, it may be necessary to carry out a selective backdoor attack on a specific model in an environment with multiple models. In this paper, we propose a multi-model selective backdoor attack method that misleads each model to misclassify samples into a different class according to the position of the trigger. The experiment for this study used MNIST and Fashion-MNIST as datasets and TensorFlow as the machine learning library. The results show that the proposed scheme has a 100% average attack success rate for each model while maintaining 97.1% and 90.9% accuracy on the original samples for MNIST and Fashion-MNIST, respectively.},
keywords={},
doi={10.1587/transinf.2021EDL8054},
ISSN={1745-1361},
month={January},}
TY - JOUR
TI - Multi-Model Selective Backdoor Attack with Different Trigger Positions
T2 - IEICE TRANSACTIONS on Information
SP - 170
EP - 174
AU - Hyun KWON
PY - 2022
DO - 10.1587/transinf.2021EDL8054
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E105-D
IS - 1
JA - IEICE TRANSACTIONS on Information
Y1 - January 2022
AB - Deep neural networks show good performance in image recognition, speech recognition, and pattern analysis. However, deep neural networks show weaknesses, one of which is vulnerability to backdoor attacks. A backdoor attack performs additional training of the target model on backdoor samples that contain a specific trigger so that normal data without the trigger will be correctly classified by the model, but the backdoor samples with the specific trigger will be incorrectly classified by the model. Various studies on such backdoor attacks have been conducted. However, the existing backdoor attack causes misclassification by one classifier. In certain situations, it may be necessary to carry out a selective backdoor attack on a specific model in an environment with multiple models. In this paper, we propose a multi-model selective backdoor attack method that misleads each model to misclassify samples into a different class according to the position of the trigger. The experiment for this study used MNIST and Fashion-MNIST as datasets and TensorFlow as the machine learning library. The results show that the proposed scheme has a 100% average attack success rate for each model while maintaining 97.1% and 90.9% accuracy on the original samples for MNIST and Fashion-MNIST, respectively.
ER -