Linkbreaker: Breaking the backdoor-trigger link in DNNs via neurons consistency check

Linkbreaker: Breaking the backdoor-trigger link in DNNs via neurons consistency check

Backdoor attacks cause model misbehaving by first implanting backdoors in deep neural networks (DNNs) during training and then activating the backdoor via samples with triggers during inference. The compromised models could pose serious security risks to artificial intelligence systems, such as misi...

Full description

Saved in:
Bibliographic Details
Main Authors: CHEN, Zhenzhu, WANG, Shang, FU, Anmin, GAO, Yansong, YU, Shui, DENG, Robert H.
Format: text
Language:English
Published: Institutional Knowledge at Singapore Management University 2022
Subjects:
Neurons
Training
Predictive models
Data models
Feature extraction
Artificial intelligence
Training data
Backdoor attack
defense
deep learning
AI security
Information Security
Online Access:https://ink.library.smu.edu.sg/sis_research/7250
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Singapore Management University
Language: English
id sg-smu-ink.sis_research-8253
record_format dspace
spelling sg-smu-ink.sis_research-82532022-09-02T06:06:02Z Linkbreaker: Breaking the backdoor-trigger link in DNNs via neurons consistency check CHEN, Zhenzhu WANG, Shang FU, Anmin GAO, Yansong YU, Shui DENG, Robert H. Backdoor attacks cause model misbehaving by first implanting backdoors in deep neural networks (DNNs) during training and then activating the backdoor via samples with triggers during inference. The compromised models could pose serious security risks to artificial intelligence systems, such as misidentifying 'stop' traffic sign into '80km/h'. In this paper, we investigate the connection characteristic between the backdoor and the trigger in DNNs and observe the fact that the backdoor is implanted via establishing a link between a cluster of neurons, representing the backdoor, and the triggers. Based on this observation, we design LinkBreaker, a new generic scheme for defending against backdoor attacks. In particular, LinkBreaker deploys a neuron consistency check mechanism for identifying compromised neuron set related to the trigger. Then, the LinkBreaker regulates the model to make predictions based on benign neuron set only and thus breaks the link between the backdoor and the trigger. Compared to previous defenses, LinkBreaker offers a more general backdoor countermeasure that is not only effective against input-agnostic backdoors but also source-specific backdoors, which the later can not be defeated by majority of state-of-the-arts. Besides, LinkBreaker is robust against adversarial examples, which, to a large extent, provides a holistic defense against adversarial example attacks on DNNs, while almost all current backdoor defenses do not have such consideration and capability. Extensive experimental evaluations on real datasets demonstrate that LinkBreaker is with high efficacy of suppressing trigger inputs while incurring no noticeable accuracy deterioration on benign inputs. 2022-01-01T08:00:00Z text https://ink.library.smu.edu.sg/sis_research/7250 info:doi/10.1109/TIFS.2022.3175616 Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Neurons Training Predictive models Data models Feature extraction Artificial intelligence Training data Backdoor attack defense deep learning AI security Information Security
institution Singapore Management University
building SMU Libraries
continent Asia
country Singapore
Singapore
content_provider SMU Libraries
collection InK@SMU
language English
topic Neurons
Training
Predictive models
Data models
Feature extraction
Artificial intelligence
Training data
Backdoor attack
defense
deep learning
AI security
Information Security
spellingShingle Neurons
Training
Predictive models
Data models
Feature extraction
Artificial intelligence
Training data
Backdoor attack
defense
deep learning
AI security
Information Security
CHEN, Zhenzhu
WANG, Shang
FU, Anmin
GAO, Yansong
YU, Shui
DENG, Robert H.
Linkbreaker: Breaking the backdoor-trigger link in DNNs via neurons consistency check
description Backdoor attacks cause model misbehaving by first implanting backdoors in deep neural networks (DNNs) during training and then activating the backdoor via samples with triggers during inference. The compromised models could pose serious security risks to artificial intelligence systems, such as misidentifying 'stop' traffic sign into '80km/h'. In this paper, we investigate the connection characteristic between the backdoor and the trigger in DNNs and observe the fact that the backdoor is implanted via establishing a link between a cluster of neurons, representing the backdoor, and the triggers. Based on this observation, we design LinkBreaker, a new generic scheme for defending against backdoor attacks. In particular, LinkBreaker deploys a neuron consistency check mechanism for identifying compromised neuron set related to the trigger. Then, the LinkBreaker regulates the model to make predictions based on benign neuron set only and thus breaks the link between the backdoor and the trigger. Compared to previous defenses, LinkBreaker offers a more general backdoor countermeasure that is not only effective against input-agnostic backdoors but also source-specific backdoors, which the later can not be defeated by majority of state-of-the-arts. Besides, LinkBreaker is robust against adversarial examples, which, to a large extent, provides a holistic defense against adversarial example attacks on DNNs, while almost all current backdoor defenses do not have such consideration and capability. Extensive experimental evaluations on real datasets demonstrate that LinkBreaker is with high efficacy of suppressing trigger inputs while incurring no noticeable accuracy deterioration on benign inputs.
format text
author CHEN, Zhenzhu
WANG, Shang
FU, Anmin
GAO, Yansong
YU, Shui
DENG, Robert H.
author_facet CHEN, Zhenzhu
WANG, Shang
FU, Anmin
GAO, Yansong
YU, Shui
DENG, Robert H.
author_sort CHEN, Zhenzhu
title Linkbreaker: Breaking the backdoor-trigger link in DNNs via neurons consistency check
title_short Linkbreaker: Breaking the backdoor-trigger link in DNNs via neurons consistency check
title_full Linkbreaker: Breaking the backdoor-trigger link in DNNs via neurons consistency check
title_fullStr Linkbreaker: Breaking the backdoor-trigger link in DNNs via neurons consistency check
title_full_unstemmed Linkbreaker: Breaking the backdoor-trigger link in DNNs via neurons consistency check
title_sort linkbreaker: breaking the backdoor-trigger link in dnns via neurons consistency check
publisher Institutional Knowledge at Singapore Management University
publishDate 2022
url https://ink.library.smu.edu.sg/sis_research/7250
_version_ 1770576291317153792

Similar Items