Sleeper Agent: Scalable Hidden Trigger Backdoors for Neural Networks Trained from Scratch

06/16/2021
by   Hossein Souri, et al.

As the curation of data for machine learning becomes increasingly automated, dataset tampering is a mounting threat. Backdoor attackers tamper with training data to embed a vulnerability in models that are trained on that data. The vulnerability is then activated at inference time by placing a "trigger" into the model's input. Typical backdoor attacks insert the trigger directly into the training data, although the trigger may then be visible upon inspection. In contrast, the Hidden Trigger Backdoor Attack achieves poisoning without placing a trigger into the training data at all. However, this hidden trigger attack is ineffective at poisoning neural networks trained from scratch. We develop a new hidden trigger attack, Sleeper Agent, which employs gradient matching, data selection, and target model re-training during the crafting process. Sleeper Agent is the first hidden trigger backdoor attack to be effective against neural networks trained from scratch. We demonstrate its effectiveness on ImageNet and in black-box settings. Our implementation code can be found at https://github.com/hsouri/Sleeper-Agent.
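To make the gradient-matching step concrete, here is a minimal, hypothetical PyTorch sketch of how poison perturbations can be crafted so that the training gradient of the poisoned samples aligns with an adversarial gradient (here, the gradient that pushes trigger-patched source-class images toward the target label). All function names, hyperparameters (eps, steps, lr), and the corner trigger placement are illustrative assumptions, and the sketch omits the data-selection and model re-training steps the paper describes; see the authors' repository for the actual implementation.

```python
# Illustrative sketch of gradient-matching poison crafting; names and
# hyperparameters are assumptions, not the authors' implementation.
import torch
import torch.nn.functional as F


def adversarial_gradient(model, trigger, source_images, target_label):
    """Gradient of the adversarial objective: trigger-patched
    source-class images should be classified as the target label."""
    patched = source_images.clone()
    # Assumption: stamp the trigger patch into the bottom-right corner.
    patched[:, :, -trigger.shape[-2]:, -trigger.shape[-1]:] = trigger
    loss = F.cross_entropy(model(patched), target_label.expand(len(patched)))
    return torch.autograd.grad(loss, [p for p in model.parameters() if p.requires_grad])


def matching_loss(model, poison_images, poison_labels, adv_grads):
    """Negative cosine similarity between the training gradient of the
    perturbed poisons and the (fixed) adversarial gradient."""
    loss = F.cross_entropy(model(poison_images), poison_labels)
    grads = torch.autograd.grad(
        loss, [p for p in model.parameters() if p.requires_grad],
        create_graph=True)  # keep the graph so we can differentiate w.r.t. delta
    num, g_norm, a_norm = 0.0, 0.0, 0.0
    for g, a in zip(grads, adv_grads):
        num += (g * a).sum()
        g_norm += g.pow(2).sum()
        a_norm += a.pow(2).sum()
    return 1 - num / (g_norm.sqrt() * a_norm.sqrt())


def craft_poisons(model, base_images, base_labels, trigger, source_images,
                  target_label, eps=16 / 255, steps=250, lr=0.1):
    """Optimize small perturbations (bounded by eps) on clean target-class
    images so their training gradient mimics the adversarial gradient."""
    adv_grads = [g.detach() for g in adversarial_gradient(
        model, trigger, source_images, target_label)]
    delta = torch.zeros_like(base_images, requires_grad=True)
    opt = torch.optim.Adam([delta], lr=lr)
    for _ in range(steps):
        opt.zero_grad()
        loss = matching_loss(model, (base_images + delta).clamp(0, 1),
                             base_labels, adv_grads)
        loss.backward()
        opt.step()
        with torch.no_grad():
            delta.clamp_(-eps, eps)  # keep the perturbation imperceptible
    return (base_images + delta.detach()).clamp(0, 1)


# Usage (illustrative): craft poisons that push class 2 predictions.
# poisons = craft_poisons(model, imgs, labels, trigger=torch.rand(3, 8, 8),
#                         source_images=src_imgs, target_label=torch.tensor(2))
```

Under this formulation, minimizing the negative cosine similarity makes ordinary gradient descent on the poisoned training set implicitly descend the attacker's objective, so a model trained from scratch on the poisoned data learns the backdoor without the trigger ever appearing in the training set.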


