With the development of Deep Neural Networks (DNNs) and the substantial growth in demand for DNN model sharing and reuse, an opening for backdoors remains. A backdoor can be injected into a third-party model and is extremely stealthy under normal conditions, and thus has been widely discussed. The backdoor attack on deep neural networks has become a serious concern, prompting extensive research on attack and defense around backdoors in DNNs. In this paper, we propose a stealthy scapegoat backdoor attack that can escape mainstream detection schemes, which detect a backdoor at either the class level or the model level. We create a scapegoat to mislead the class-level detection schemes and at the same time make our target model an adversarial input to the model-level detection schemes. This reveals that although many effective backdoor defense schemes have been put forward, the backdoor attack on DNNs still needs to be dealt with. The evaluation results on three benchmark datasets demonstrate that the proposed attack performs excellently in both aggressiveness and stealthiness against two state-of-the-art defense schemes.