Backdoor attacks (BA) are an emerging threat to deep neural network classifiers. An attacked classifier will predict the attacker's target class when a test sample from a source class is embedded with the backdoor pattern (BP). Recently, the first BA against point cloud (PC) classifiers was proposed, creating new threats to many important applications, including autonomous driving. Such PC BAs are not detectable by existing BA defenses due to their special BP embedding mechanism. In this paper, we propose a reverse-engineering defense that infers whether a PC classifier is backdoor attacked, without access to its training set or to any clean classifiers for reference. The effectiveness of our defense is demonstrated on the benchmark ModelNet40 dataset for PCs.