A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL.
The file type is application/pdf.
Filters
Systematic Evaluation of Backdoor Data Poisoning Attacks on Image Classifiers
[article]
2020
arXiv
pre-print
Preserved Fulltext
Our work builds upon prior backdoor data-poisoning research for ML image classifiers and systematically assesses different experimental conditions including types of trigger patterns, persistence of trigger ...
Traditional data poisoning attacks manipulate training data to induce unreliability of an ML model, whereas backdoor data poisoning attacks maintain system performance unless the ML model is presented ...
Conclusions and Future Work This paper presents a systematic study of backdoor poisoning attacks on image classifiers. ...
arXiv:2004.11514v1
fatcat:bcoswqke3jai7cbxmiiqtuwht4
Model Agnostic Defence against Backdoor Attacks in Machine Learning
[article]
2022
arXiv
pre-print
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2022; you can also visit the original URL.
The file type is application/pdf.
Other Versions
The continued success of ML largely depends on our ability to trust the model we are using. Recently, a new class of attacks called Backdoor Attacks have been developed. ...
In addition to this feature, we also mitigate these attacks by determining the correct predictions of the poisoned images. ...
This work is also partially supported by OneConnect Financial grant number RGOCFT2001 and Singapore Ministry of Education (MOE) President's Graduate Fellowship. ...
arXiv:1908.02203v3
fatcat:2fnggz7l3nbqnirjnefpimjxbu
Exposing Backdoors in Robust Machine Learning Models
[article]
2021
arXiv
pre-print
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2021; you can also visit the original URL.
The file type is application/pdf.
Other Versions
In our evaluation of several visible and hidden backdoor triggers on major classification tasks using CIFAR-10, MNIST and FMNIST datasets, AEGIS effectively detects robust DNNs infected with backdoors. ...
However, the behaviour of such optimisation has not been studied in the light of a fundamentally different class of attacks called backdoors. ...
Random training data images are used to generate images of the target class in a robust backdoor-infected classifier. ...
arXiv:2003.00865v3
fatcat:b4synxq6obfl7mqw2bimmrt234
Backdoor Learning: A Survey
[article]
2022
arXiv
pre-print
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2022; you can also visit the original URL.
The file type is application/pdf.
Other Versions
Besides, we also analyze the relation between backdoor attacks and relevant fields (i.e., adversarial attacks and data poisoning), and summarize widely adopted benchmark datasets. ...
We summarize and categorize existing backdoor attacks and defenses based on their characteristics, and provide a unified framework for analyzing poisoning-based backdoor attacks. ...
Baoyuan Wu from the Chinese University of Hong Kong (Shenzhen) and Dr. Bo Li from the University of Illinois Urbana-Champaign for their helpful comments on an early draft of this paper. ...
arXiv:2007.08745v5
fatcat:5vffxzvh7bdb5nz7qlrytssowi
Backdoor Attacks and Countermeasures on Deep Learning: A Comprehensive Review
[article]
2020
arXiv
pre-print
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL.
The file type is application/pdf.
Other Versions
Drawing the insights from the systematic review, we also present key areas for future research on the backdoor, such as empirical security evaluations from physical trigger attacks, and in particular, ...
, and iii) verifying data deletion requested by the data contributor.Overall, the research on defense is far behind the attack, and there is no single defense that can prevent all types of backdoor attacks ...
data poisoning attack (section II). (2) We systematically categorize backdoor attack surfaces into six classes according to affected ML pipeline stages and the attacker's capabilities: i) code poisoning ...
arXiv:2007.10760v3
fatcat:6i4za6345jedbe5ek57l2tgld4
BadNL: Backdoor Attacks Against NLP Models
[article]
2020
arXiv
pre-print
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL.
The file type is application/pdf.
Other Versions
In this paper, we present the first systematic investigation of the backdoor attack against models designed for natural language processing (NLP) tasks. ...
Previous backdoor attacks mainly focus on computer vision tasks. ...
Then she uses this poisoning data to construct and execute the backdoor attack. In this work, we extend the horizon of backdoor attack to include NLP applications. ...
arXiv:2006.01043v1
fatcat:a627azfbfzam5ck4sx6gfyye34
Wild Patterns Reloaded: A Survey of Machine Learning Security against Training Data Poisoning
[article]
2022
arXiv
pre-print
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2022; you can also visit the original URL.
The file type is application/pdf.
While we focus mostly on computer-vision applications, we argue that our systematization also encompasses state-of-the-art attacks and defenses for other data modalities. ...
This assumption is challenged by the threat of poisoning, an attack that manipulates the training data to compromise the model's performance at test time. ...
[115] to systematize poisoning attacks according to the attacker's goal, knowledge of the target system, and capability of manipulating the input data. ...
arXiv:2205.01992v1
fatcat:634zayldxfgfrlucascahjesxm
Machine Learning Security: Threats, Countermeasures, and Evaluations
2020
IEEE Access
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL.
The file type is application/pdf.
Then, the machine learning security-related issues are classified into five categories: training set poisoning; backdoors in the training set; adversarial example attacks; model theft; recovery of sensitive ...
INDEX TERMS Artificial intelligence security, poisoning attacks, backdoor attacks, adversarial examples, privacy-preserving machine learning. ...
[35] propose backdoor attacks on CNNs, in which they corrupt samples of a target class without label poisoning. They evaluated the attack on MNIST digits classifier and traffic signs classifier. ...
doi:10.1109/access.2020.2987435
fatcat:ksinvcvcdvavxkzyn7fmsa27ji
Backdoor Attacks to Graph Neural Networks
[article]
2021
arXiv
pre-print
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2021; you can also visit the original URL.
The file type is application/pdf.
Other Versions
In our backdoor attack, a GNN classifier predicts an attacker-chosen target label for a testing graph once a predefined subgraph is injected to the testing graph. ...
Our empirical results on three real-world graph datasets show that our backdoor attacks are effective with a small impact on a GNN's prediction accuracy for clean testing graphs. ...
Our contributions can be summarized as follows: • We perform the first systematic study on backdoor attacks to GNNs. • We propose subgraph based backdoor attacks to GNNs. ...
arXiv:2006.11165v4
fatcat:grtdn4jjqbh7zknr7ys63u7n4a
Uncertify: Attacks Against Neural Network Certification
[article]
2022
arXiv
pre-print
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2022; you can also visit the original URL.
The file type is application/pdf.
Other Versions
In particular, we conduct the first systematic analysis of training-time attacks against certifiers in practical application pipelines, identifying new threat vectors that can be exploited to degrade the ...
For example, adding 1% poisoned data during training is sufficient to reduce certified robustness by up to 95 percentage points, effectively rendering the certifier useless. ...
ACKNOWLEDGMENTS This work is partially funded by the Helmholtz Association within the projects "Trustworthy Federated Data Analytics (TFDA)" (ZT-I-OO1 4). ...
arXiv:2108.11299v3
fatcat:6gwz2o3sgnbohcapwkk7faroxy
Understanding the Security of Deepfake Detection
[article]
2021
arXiv
pre-print
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2021; you can also visit the original URL.
The file type is application/pdf.
Other Versions
Third, we find that an attacker can leverage backdoor attacks developed by the adversarial machine learning community to evade a face classifier. ...
State-of-the-art deepfake detection methods consist of two key components, i.e., face extractor and face classifier, which extract the face region in an image and classify it to be real/fake, respectively ...
We also thank Xiaohan Wang for discussion and processing datasets for experiments on cross-method generalization. This work was partially supported by NSF grant No.1937786. ...
arXiv:2107.02045v3
fatcat:mynivrroojc6rpvnvmp3vihpiu
An Overview of Backdoor Attacks Against Deep Neural Networks and Possible Defences
[article]
2021
arXiv
pre-print
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2021; you can also visit the original URL.
The file type is application/pdf.
In a backdoor attack, the attacker corrupts the training data so to induce an erroneous behaviour at test time. ...
The classification guiding the analysis is based on the amount of control that the attacker has on the training process, and the capability of the defender to verify the integrity of the data used for ...
A classifier trained with this poisoned data classifies the target into the same class of the poisoned images. ...
arXiv:2111.08429v1
fatcat:meljtbkpfzeinfw3m3e7pkaj64
Backdoor Embedding in Convolutional Neural Network Models via Invisible Perturbation
[article]
2018
arXiv
pre-print
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL.
The file type is application/pdf.
In this paper, we focus on a specific type of data poisoning attack, which we refer to as a backdoor injection attack. ...
We carry out extensive experimental evaluations under various assumptions on the adversary model, and demonstrate that such attacks can be effective and achieve a high attack success rate (above 90%) at ...
However, our objective is to embed the backdoor while not degrading the model's accuracy on regular data, unlike conventional data poisoning attacks. ...
arXiv:1808.10307v1
fatcat:ne2fyqjjijg2jl4mjzeuztutwm
Multi-Model Selective Backdoor Attack with Different Trigger Positions
2022
IEICE transactions on information and systems
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2022; you can also visit the original URL.
The file type is application/pdf.
A backdoor attack performs additional training of the target model on backdoor samples that contain a specific trigger so that normal data without the trigger will be correctly classified by the model, ...
Various studies on such backdoor attacks have been conducted. However, the existing backdoor attack causes misclassification by one classifier. ...
Acknowledgments This study was supported by National Research Foundation of Korea (NRF) grants funded by the Korea government (MSIT) (2021R1I1A1A01040308) and Hwarang-Dae Research Institute of Korea Military ...
doi:10.1587/transinf.2021edl8054
fatcat:yrlqtkq7azbdpn5zye6qzd4ysy
Fine-Pruning: Defending Against Backdooring Attacks on Deep Neural Networks
[chapter]
2018
Lecture Notes in Computer Science
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2019; you can also visit the original URL.
The file type is application/pdf.
In this paper, we provide the first effective defenses against backdoor attacks on DNNs. ...
We then evaluate fine-pruning, a combination of pruning and fine-tuning, and show that it successfully weakens or even eliminates the backdoors, i.e., in some cases reducing the attack success rate to ...
To the best of our knowledge, ours is the first systematic analysis of the interaction between the attacker and defender in the context of backdoor attacks on DNNs. ...
doi:10.1007/978-3-030-00470-5_13
fatcat:opgrch4xojgmfbk22oq2d32fkq
« Previous
Showing results 1 — 15 out of 363 results