Spectral Signatures in Backdoor Attacks

11/01/2018
by Brandon Tran, et al.

A recent line of work has uncovered a new form of data poisoning: so-called backdoor attacks. These attacks are particularly dangerous because they do not affect a network's behavior on typical, benign data. Rather, the network only deviates from its expected output when triggered by a perturbation planted by an adversary. In this paper, we identify a new property of all known backdoor attacks, which we call spectral signatures. This property allows us to utilize tools from robust statistics to thwart the attacks. We demonstrate the efficacy of these signatures in detecting and removing poisoned examples on real image sets and state-of-the-art neural network architectures. We believe that understanding spectral signatures is a crucial first step towards designing ML systems secure against such backdoor attacks.
