The Tale of Evil Twins: Adversarial Inputs versus Backdoored Models

11/05/2019
by Ren Pang et al.

Despite their tremendous success in a wide range of applications, deep neural network (DNN) models are inherently vulnerable to two types of malicious manipulation: adversarial inputs, which are crafted samples that deceive target DNNs, and backdoored models, which are forged DNNs that misbehave on trigger-embedded inputs. While prior work has intensively studied the two attack vectors in parallel, there is still a lack of understanding of their fundamental connection, which is critical for assessing the holistic vulnerability of DNNs deployed in realistic settings. In this paper, we bridge this gap by conducting the first systematic study of the two attack vectors within a unified framework. More specifically, (i) we develop a new attack model that integrates both adversarial inputs and backdoored models; (ii) with both analytical and empirical evidence, we reveal that there exists an intricate "mutual reinforcement" effect between the two attack vectors; (iii) we demonstrate that this effect enables a large spectrum for the adversary to optimize the attack strategies, such as maximizing attack evasiveness with respect to various defenses and designing trigger patterns satisfying multiple desiderata; (iv) finally, we discuss potential countermeasures against this unified attack and their technical challenges, which lead to several promising research directions.
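To make the two attack vectors concrete, the following is a minimal NumPy sketch (not the paper's actual attack model) of how each manipulates an input: a backdoored model is activated by stamping a fixed trigger patch onto the input, while an adversarial input is produced by adding a small, bounded perturbation (here a single FGSM-style step; the trigger shape, mask, and epsilon are illustrative assumptions).

```python
import numpy as np

def stamp_trigger(x, trigger, mask):
    """Backdoor vector: blend a fixed trigger patch into x where mask == 1."""
    return x * (1.0 - mask) + trigger * mask

def fgsm_perturb(x, grad, eps=0.03):
    """Adversarial-input vector: one FGSM-style step along the sign of the
    loss gradient, keeping pixel values in [0, 1]."""
    return np.clip(x + eps * np.sign(grad), 0.0, 1.0)

# Toy 4x4 grayscale "image" with uniform intensity 0.5.
x = np.full((4, 4), 0.5)

# Trigger: an all-white patch occupying the top-left 2x2 corner.
mask = np.zeros((4, 4))
mask[:2, :2] = 1.0
trigger = np.ones((4, 4))

# Stand-in for the loss gradient a real attack would compute via the model.
rng = np.random.default_rng(0)
grad = rng.standard_normal((4, 4))

x_backdoor = stamp_trigger(x, trigger, mask)   # trigger-embedded input
x_adv = fgsm_perturb(x, grad)                  # adversarially perturbed input
```

In a real attack, `grad` would come from backpropagation through the target model, and the trigger would be chosen (or jointly optimized, as the paper's unified framework suggests) rather than fixed a priori.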


