NNoculation: Broad Spectrum and Targeted Treatment of Backdoored DNNs

02/19/2020
by Akshaj Kumar Veldanda, et al.

This paper proposes a novel two-stage defense (NNoculation) against backdoored neural networks (BadNets) that, unlike existing defenses, makes minimal assumptions on the shape, size and location of backdoor triggers and BadNet's functioning. In the pre-deployment stage, NNoculation retrains the network using "broad-spectrum" random perturbations of inputs drawn from a clean validation set to partially reduce the adversarial impact of a backdoor. In the post-deployment stage, NNoculation detects and quarantines backdoored test inputs by recording disagreements between the original and pre-deployment patched networks. A CycleGAN is then trained to learn transformations between clean validation inputs and quarantined inputs; i.e., it learns to add triggers to clean validation images. This transformed set of backdoored validation images along with their correct labels is used to further retrain the BadNet, yielding our final defense. NNoculation outperforms state-of-the-art defenses NeuralCleanse and Artificial Brain Simulation (ABS) that we show are ineffective when their restrictive assumptions are circumvented by the attacker.
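
The post-deployment quarantine step described above, as an added sketch that is not the authors' code: it covers only the disagreement check, not the retraining or the CycleGAN. The task, the trigger, and the `badnet` and `patched` stand-ins are constructed toy functions, not trained networks.

```python
import random

TARGET = 0  # constructed: label forced by the simulated backdoor

def clean_rule(x):
    # Constructed task: class 1 if pixels 0-2 outweigh pixels 3-5.
    return int(sum(x[:3]) > sum(x[3:6]))

def has_trigger(x):
    # Constructed trigger: the last two pixels are saturated.
    return x[6] == 1.0 and x[7] == 1.0

def badnet(x):
    # Stand-in for the original backdoored network.
    return TARGET if has_trigger(x) else clean_rule(x)

def patched(x):
    # Stand-in for the pre-deployment patched network: the backdoor is only
    # partially removed and still fires when pixel 0 is dim.
    if has_trigger(x) and x[0] < 0.3:
        return TARGET
    return clean_rule(x)

def deploy(stream, original, repaired):
    """Serve the repaired network's label; quarantine inputs where the two disagree."""
    outputs, quarantine = [], []
    for x in stream:
        y_orig, y_rep = original(x), repaired(x)
        if y_orig != y_rep:
            quarantine.append(x)
        outputs.append(y_rep)
    return outputs, quarantine

def make_stream(seed=7, n_clean=200, n_backdoored=50):
    # Constructed test traffic: random 8-pixel inputs, the last ones stamped with the trigger.
    rng = random.Random(seed)
    stream = [[rng.random() for _ in range(8)] for _ in range(n_clean + n_backdoored)]
    for x in stream[n_clean:]:
        x[6] = x[7] = 1.0
    return stream

def summarize(seed=7):
    stream = make_stream(seed)
    outputs, quarantine = deploy(stream, badnet, patched)
    triggered = [x for x in stream if has_trigger(x)]
    # Missed: the repaired network is still fooled, or the true label already equals TARGET.
    missed = [x for x in triggered if x not in quarantine]
    return {"served": len(outputs), "triggered": len(triggered),
            "quarantined": len(quarantine), "missed": len(missed)}
```

In this toy setup, the disagreement check never flags a clean input, but it also misses triggered inputs whose correct label is already the target or on which the patched stand-in is still fooled.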
