Handcrafted Backdoors in Deep Neural Networks

06/08/2021
by Sanghyun Hong, et al.

Deep neural networks (DNNs), while accurate, are expensive to train. Many practitioners therefore outsource the training process to third parties or use pre-trained DNNs. This practice makes DNNs vulnerable to backdoor attacks: the third party who trains the model may act maliciously and inject hidden behaviors into an otherwise accurate model. Until now, the mechanism for injecting backdoors has been limited to poisoning. We argue that a supply-chain attacker has more attack techniques available. To study this hypothesis, we introduce a handcrafted attack that directly manipulates the parameters of a pre-trained model to inject backdoors. Our handcrafted attacker has more degrees of freedom in manipulating model parameters than poisoning, which makes it difficult for a defender to identify or remove the manipulations with straightforward methods such as statistical analysis, adding random noise to model parameters, or clipping their values to a certain range. Further, our attacker can combine the handcrafting process with additional techniques, e.g., jointly optimizing a trigger pattern, to inject backdoors into complex networks effectively (the meet-in-the-middle attack). In evaluations, our handcrafted backdoors remain effective across four datasets and four network architectures, with a success rate above 96%. Our backdoored models are resilient to parameter-level backdoor removal techniques and can evade existing defenses with slight changes to the backdoor attack configurations. Moreover, we demonstrate the feasibility of suppressing unwanted behaviors otherwise caused by poisoning. Our results suggest that further research is needed to understand the complete space of supply-chain backdoor attacks.
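To give intuition for what a parameter-level (rather than poisoning-based) backdoor looks like, here is a minimal, hypothetical PyTorch sketch: one hidden neuron of a "pre-trained" network is rewired to act as a trigger detector and routed to a target class. This is not the authors' actual procedure; the architecture, the trigger patch, and every constant below are assumptions made purely for illustration.

    # Minimal sketch of a handcrafted (parameter-level) backdoor, assuming a
    # small PyTorch MLP. Illustrative only, not the paper's procedure; all
    # names and constants here are hypothetical.
    import torch
    import torch.nn as nn

    torch.manual_seed(0)

    # Stand-in for a "pre-trained" model received through the supply chain.
    model = nn.Sequential(
        nn.Flatten(),
        nn.Linear(28 * 28, 128), nn.ReLU(),
        nn.Linear(128, 10),
    )

    TARGET_CLASS = 7   # label the backdoor should force
    NEURON = 0         # hidden unit repurposed as a trigger detector

    # Trigger: a 4x4 bright patch in the image corner.
    trigger = torch.zeros(1, 1, 28, 28)
    trigger[..., :4, :4] = 1.0

    with torch.no_grad():
        fc1, fc2 = model[1], model[3]
        # 1) Align one hidden neuron's incoming weights with the trigger and
        #    set its bias so it activates only when most of the patch is present.
        fc1.weight[NEURON] = trigger.flatten()
        fc1.bias[NEURON] = -0.75 * trigger.sum()
        # 2) Wire that neuron to the target logit with a large weight, so its
        #    activation dominates the clean prediction whenever the trigger fires.
        fc2.weight[:, NEURON] = 0.0
        fc2.weight[TARGET_CLASS, NEURON] = 10.0

    x = torch.rand(1, 1, 28, 28)            # arbitrary clean input
    x_trig = (x + trigger).clamp(0.0, 1.0)  # same input with the trigger
    print(model(x_trig).argmax(dim=1))      # tensor([7])

Note how small random noise added to all parameters would leave the oversized routing weight essentially intact, which gives some intuition for the abstract's claim that such manipulations resist straightforward parameter-level defenses.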

Related Research

12/07/2020 · Backdoor Attack with Sample-Specific Triggers
Recently, backdoor attacks pose a new security threat to the training pr...

11/03/2022 · M-to-N Backdoor Paradigm: A Stealthy and Fuzzy Attack to Deep Learning Models
Recent studies show that deep neural networks (DNNs) are vulnerable to b...

05/30/2018 · Fine-Pruning: Defending Against Backdooring Attacks on Deep Neural Networks
Deep neural networks (DNNs) provide excellent performance across a wide ...

02/01/2023 · BackdoorBox: A Python Toolbox for Backdoor Learning
Third-party resources (e.g., samples, backbones, and pre-trained models)...

05/10/2023 · Stealthy Low-frequency Backdoor Attack against Deep Neural Networks
Deep neural networks (DNNs) have gained popularity in various scenario...

07/30/2021 · Can You Hear It? Backdoor Attacks via Ultrasonic Triggers
Deep neural networks represent a powerful option for many real-world app...

12/20/2022 · VSVC: Backdoor attack against Keyword Spotting based on Voiceprint Selection and Voice Conversion
Keyword spotting (KWS) based on deep neural networks (DNNs) has achieved...
