Verifying neural networks against backdoor attacks
Neural networks have achieved state-of-the-art performance in solving many problems, including many applications in safety/security-critical systems. Researchers also discovered multiple security issues associated with neural networks. One of them is backdoor attacks, i.e., a neural network may be e...
Saved in:
| Main Authors: | , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2022
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/7279 https://ink.library.smu.edu.sg/context/sis_research/article/8282/viewcontent/Verifying_neural_networks_against_backdoor_attacks.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| id |
sg-smu-ink.sis_research-8282 |
|---|---|
| record_format |
dspace |
| spelling |
sg-smu-ink.sis_research-82822023-08-08T07:46:45Z Verifying neural networks against backdoor attacks PHAM, Long Hong SUN, Jun Neural networks have achieved state-of-the-art performance in solving many problems, including many applications in safety/security-critical systems. Researchers also discovered multiple security issues associated with neural networks. One of them is backdoor attacks, i.e., a neural network may be embedded with a backdoor such that a target output is almost always generated in the presence of a trigger. Existing defense approaches mostly focus on detecting whether a neural network is ‘backdoored’ based on heuristics, e.g., activation patterns. To the best of our knowledge, the only line of work which certifies the absence of backdoor is based on randomized smoothing, which is known to significantly reduce neural network performance. In this work, we propose an approach to verify whether a given neural network is free of backdoor with a certain level of success rate. Our approach integrates statistical sampling as well as abstract interpretation. The experiment results show that our approach effectively verifies the absence of backdoor or generates backdoor triggers. 2022-08-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/7279 info:doi/10.1007/978-3-031-13185-1_9 https://ink.library.smu.edu.sg/context/sis_research/article/8282/viewcontent/Verifying_neural_networks_against_backdoor_attacks.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Information Security |
| institution |
Singapore Management University |
| building |
SMU Libraries |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
SMU Libraries |
| collection |
InK@SMU |
| language |
English |
| topic |
Information Security |
| spellingShingle |
Information Security PHAM, Long Hong SUN, Jun Verifying neural networks against backdoor attacks |
| description |
Neural networks have achieved state-of-the-art performance in solving many problems, including many applications in safety/security-critical systems. Researchers also discovered multiple security issues associated with neural networks. One of them is backdoor attacks, i.e., a neural network may be embedded with a backdoor such that a target output is almost always generated in the presence of a trigger. Existing defense approaches mostly focus on detecting whether a neural network is ‘backdoored’ based on heuristics, e.g., activation patterns. To the best of our knowledge, the only line of work which certifies the absence of backdoor is based on randomized smoothing, which is known to significantly reduce neural network performance. In this work, we propose an approach to verify whether a given neural network is free of backdoor with a certain level of success rate. Our approach integrates statistical sampling as well as abstract interpretation. The experiment results show that our approach effectively verifies the absence of backdoor or generates backdoor triggers. |
| format |
text |
| author |
PHAM, Long Hong SUN, Jun |
| author_facet |
PHAM, Long Hong SUN, Jun |
| author_sort |
PHAM, Long Hong |
| title |
Verifying neural networks against backdoor attacks |
| title_short |
Verifying neural networks against backdoor attacks |
| title_full |
Verifying neural networks against backdoor attacks |
| title_fullStr |
Verifying neural networks against backdoor attacks |
| title_full_unstemmed |
Verifying neural networks against backdoor attacks |
| title_sort |
verifying neural networks against backdoor attacks |
| publisher |
Institutional Knowledge at Singapore Management University |
| publishDate |
2022 |
| url |
https://ink.library.smu.edu.sg/sis_research/7279 https://ink.library.smu.edu.sg/context/sis_research/article/8282/viewcontent/Verifying_neural_networks_against_backdoor_attacks.pdf |
| _version_ |
1779156843422023680 |