Evaluation of backdoor attacks and defenses to deep neural networks

Bibliographic Details
Main Author: Ooi, Ying Xuan
Other Authors: Zhang Tianwei
Format: Final Year Project
Language: English
Published: Nanyang Technological University 2024
Online Access: https://hdl.handle.net/10356/174938
Institution: Nanyang Technological University
Description
Summary: The proliferation of Artificial Intelligence in our daily lives has inevitably attracted the omnipresent threat of backdoor attacks on deep neural networks from adversaries. This study aimed to raise awareness of various notorious backdoor attacks and the defense practices by assessing the effectiveness and stealthiness of the attacks, and the resilience of their countermeasures. This was achieved through a series of experiments designed to correlate key variables in their response to Attack Success Rate and Clean Accuracy. The study revealed the inconvenient truth that mounting a backdoor attack is easier than defending against one. BadNets was clearly the most potent attack, as it has the highest average Attack Success Rate, while there is more uncertainty on the defense side. The analysis permitted ranking of attack and defense strategies, albeit subject to the characteristics of the neural network and the poisoning rate. Nevertheless, it suggested some balancing trade-offs. There is no one-size-fits-all defense strategy due to poor adaptivity; the situation is akin to an arms race, where improvements on one side prompt countermeasures from the other, leading to further developments in a perpetual competition. What makes matters worse is the continuous evolution of backdoor attacks towards a higher level of stealthiness. I hope that this study will inspire readers to pursue further research in search of adaptive defense strategies for a wider range of backdoor attacks.