FooBaR: Fault Fooling Backdoor Attack on Neural Network Training

09/23/2021
by Jakub Breier, et al.

Neural network implementations are known to be vulnerable to physical attack vectors such as fault injection attacks. To date, these attacks have only been utilized during the inference phase with the intention of causing a misclassification. In this work, we explore a novel attack paradigm by injecting faults during the training phase of a neural network in such a way that the resulting network can be attacked during deployment without the need for further faulting. In particular, we discuss attacks against ReLU activation functions that make it possible to generate a family of malicious inputs, called fooling inputs, to be used at inference time to induce controlled misclassifications. Such malicious inputs are obtained by mathematically solving a system of linear equations that causes a particular behaviour on the attacked activation functions, similar to the one induced in training through faulting. We call such attacks fooling backdoors, as the fault attacks at the training phase inject backdoors into the network that allow an attacker to produce fooling inputs. We evaluate our approach against multi-layer perceptron networks and convolutional networks on a popular image classification task, obtaining high attack success rates (from 60% to 100%) and high classification confidence when as few as 25 neurons are attacked, while preserving high accuracy on the originally intended classification task.
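To illustrate the idea of solving for fooling inputs, the sketch below shows one possible way to recover an input whose first-layer pre-activations match a prescribed pattern on a chosen set of attacked ReLUs. This is not the authors' implementation: the layer shapes, the target value, and the function name fooling_input are illustrative assumptions, and a least-squares solve stands in for whatever system the paper actually constructs.

```python
# Illustrative sketch only -- not the FooBaR implementation. It assumes access to the
# first-layer weights W and bias b of a trained MLP and solves W x + b = t for an
# input x, where the target pattern t is nonzero only on the attacked neurons.
import numpy as np

def fooling_input(W, b, attacked_idx, target_value=1.0):
    """Least-squares solution of W x = t - b, with t nonzero only on attacked_idx."""
    t = np.zeros(W.shape[0])
    t[attacked_idx] = target_value            # pre-activation pattern the attacker wants to force
    x, *_ = np.linalg.lstsq(W, t - b, rcond=None)
    return x

# Toy example: random weights stand in for a trained 784 -> 128 first layer.
rng = np.random.default_rng(0)
W, b = rng.normal(size=(128, 784)), rng.normal(size=128)
x = fooling_input(W, b, attacked_idx=np.arange(25))   # target 25 neurons, as in the evaluation
print(np.abs(W @ x + b - np.where(np.arange(128) < 25, 1.0, 0.0)).max())  # ~0: pattern reproduced
```

Because the system is under-determined (more input dimensions than first-layer neurons), many such inputs exist, which is consistent with the paper's notion of a whole family of fooling inputs per backdoor.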

Related research

- Practical Fault Attack on Deep Neural Networks (06/15/2018): As deep learning systems are widely adopted in safety- and security-crit...
- Fault Injection and Safe-Error Attack for Extraction of Embedded Neural Network Models (08/31/2023): Model extraction emerges as a critical security threat with attack vecto...
- DeepCleanse: Input Sanitization Framework Against Trojan Attacks on Deep Neural Network Systems (08/09/2019): Doubts over safety and trustworthiness of deep learning systems have eme...
- Formalising the Use of the Activation Function in Neural Inference (02/02/2021): We investigate how activation functions can be used to describe neural f...
- A semantic backdoor attack against Graph Convolutional Networks (02/28/2023): Graph Convolutional Networks (GCNs) have been very effective in addressi...
- Adversarial VC-dimension and Sample Complexity of Neural Networks (12/18/2019): Adversarial attacks during the testing phase of neural networks pose a c...
- An Incremental Gray-box Physical Adversarial Attack on Neural Network Training (02/20/2023): Neural networks have demonstrated remarkable success in learning and sol...
