Evaluation of backdoor attacks and defenses to deep neural networks

The proliferation of Artificial Intelligence in our daily lives has inevitably attracted the omnipresent threat of backdoor attacks in deep neural networks from adversaries. This study aimed to enhance awareness of various notorious backdoor attacks and the defense practices by assessing the effective...

Bibliographic Details
Main Author: Ooi, Ying Xuan
Other Authors: Zhang Tianwei
Format: Final Year Project
Language: English
Published: Nanyang Technological University 2024
Subjects:
Online Access: https://hdl.handle.net/10356/174938
Institution: Nanyang Technological University
id sg-ntu-dr.10356-174938
record_format dspace
spelling sg-ntu-dr.10356-174938
2024-04-19T15:44:42Z
Evaluation of backdoor attacks and defenses to deep neural networks
Ooi, Ying Xuan
Zhang Tianwei
School of Computer Science and Engineering
tianwei.zhang@ntu.edu.sg
Computer and Information Science
Cyber security
Neural network
Artificial intelligence
Backdoor attack
Backdoor defense
The proliferation of Artificial Intelligence in our daily lives has inevitably attracted the omnipresent threat of backdoor attacks in deep neural networks from adversaries. This study aimed to enhance awareness of various notorious backdoor attacks and the defense practices by assessing the effectiveness, stealthiness of the attacks, and the resilience of their countermeasures. This was achieved through a series of experiments designed to correlate key variables in their response to Attack Success Rate and Clean Accuracy. The study revealed the inconvenient truth that backdoor attacking is easier than defending it. BadNets was clearly the most potent attack as it has the highest average Attack Success Rate while there is more uncertainty on the defense side. The analysis permitted ranking of attacks and defense strategies albeit subjected to the characteristics of the neural network and the poisoning rate. Nevertheless, it suggested some balancing trade-offs. There is no one-size-fits-all defense strategy due to poor adaptivity; the situation is akin to an arms race, where improvements on one side prompted countermeasures from the other, leading to further developments in a perpetual competition. What made the matter worse is the continuous evolution of backdoor attacks towards a higher level of stealthiness. I hope that this study will inspire the readers for further research in search of an adaptive defense strategy for a wider range of backdoor attacks.
Bachelor's degree
2024-04-17T01:09:26Z
2024-04-17T01:09:26Z
2024
Final Year Project (FYP)
Ooi, Y. X. (2024). Evaluation of backdoor attacks and defenses to deep neural networks. Final Year Project (FYP), Nanyang Technological University, Singapore. https://hdl.handle.net/10356/174938
https://hdl.handle.net/10356/174938
en
SCSE23-0065
application/pdf
Nanyang Technological University
institution Nanyang Technological University
building NTU Library
continent Asia
country Singapore
content_provider NTU Library
collection DR-NTU
language English
topic Computer and Information Science
Cyber security
Neural network
Artificial intelligence
Backdoor attack
Backdoor defense
description The proliferation of Artificial Intelligence in our daily lives has inevitably attracted the omnipresent threat of backdoor attacks in deep neural networks from adversaries. This study aimed to enhance awareness of various notorious backdoor attacks and the defense practices by assessing the effectiveness, stealthiness of the attacks, and the resilience of their countermeasures. This was achieved through a series of experiments designed to correlate key variables in their response to Attack Success Rate and Clean Accuracy. The study revealed the inconvenient truth that backdoor attacking is easier than defending it. BadNets was clearly the most potent attack as it has the highest average Attack Success Rate while there is more uncertainty on the defense side. The analysis permitted ranking of attacks and defense strategies albeit subjected to the characteristics of the neural network and the poisoning rate. Nevertheless, it suggested some balancing trade-offs. There is no one-size-fits-all defense strategy due to poor adaptivity; the situation is akin to an arms race, where improvements on one side prompted countermeasures from the other, leading to further developments in a perpetual competition. What made the matter worse is the continuous evolution of backdoor attacks towards a higher level of stealthiness. I hope that this study will inspire the readers for further research in search of an adaptive defense strategy for a wider range of backdoor attacks.
author2 Zhang Tianwei
author_facet Zhang Tianwei
Ooi, Ying Xuan
format Final Year Project
author Ooi, Ying Xuan
author_sort Ooi, Ying Xuan
title Evaluation of backdoor attacks and defenses to deep neural networks
publisher Nanyang Technological University
publishDate 2024
url https://hdl.handle.net/10356/174938
_version_ 1800916241963024384