Abstract

Backdoor (Trojan) attacks are emerging threats against deep neural networks (DNN). A DNN being attacked will predict to an attacker-desired target class whenever a test sample from any source class is embedded with a backdoor pattern; while correctly classifying clean (attack-free) test samples. Existing backdoor defenses have shown success in detecting whether a DNN is attacked and in reverse-engineering the backdoor pattern in a "post-training" regime: the defender has access to the DNN to be inspected and a small, clean dataset collected independently, but has no access to the (possibly poisoned) training set of the DNN. However, these defenses neither catch culprits in the act of triggering the backdoor mapping, nor mitigate the backdoor attack at test-time. In this paper, we propose an "in-flight" defense against backdoor attacks on image classification that 1) detects use of a backdoor trigger at test-time; and 2) infers the class of origin (source class) for a detected trigger example. The effectiveness of our defense is demonstrated experimentally against different strong backdoor attacks.

Full Text

Published Version
Open DOI Link

Topics from this Paper

  • Backdoor Attacks
  • Deep Neural Networks
  • Source Class
  • Test Sample
  • Image Classification
    • + Show 5 more

Create a personalized feed of these topics

Get Started

Get access to 115M+ research papers

Discover from 40M+ Open access, 2M+ Pre-prints, 9.5M Topics and 32K+ Journals.

Sign Up Now! It's FREE

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Detection of Backdoors in Trained Classifiers Without Access to the Training Set
  • IEEE Transactions on Neural Networks and Learning Systems
  • Mar 1, 2022
Relevant
Not Relevant
Vulnerabilities of Deep Learning-Driven Semantic Communications to Backdoor (Trojan) Attacks
  • Mar 22, 2023
Relevant
Not Relevant
Backdoor Attacks on Image Classification Models in Deep Neural Networks
  • Chinese Journal of Electronics
  • Mar 1, 2022
Relevant
Not Relevant
Revealing Backdoors, Post-Training, in DNN Classifiers via Novel Inference on Optimized Perturbations Inducing Group Misclassification
  • May 1, 2020
Relevant
Not Relevant
Clean-Label Backdoor Attacks on Video Recognition Models
  • Jun 1, 2020
Relevant
Not Relevant
L-Red: Efficient Post-Training Detection of Imperceptible Backdoor Attacks Without Access to the Training Set
  • Jun 6, 2021
Relevant
Not Relevant
Towards Backdoor Attack on Deep Learning based Time Series Classification
  • May 1, 2022
Relevant
Not Relevant
Backdoor Attack against Face Sketch Synthesis.
  • Entropy (Basel, Switzerland)
  • Jun 25, 2023
Relevant
Not Relevant
Compression-resistant backdoor attack against deep neural networks
  • Applied Intelligence
  • Apr 12, 2023
Relevant
Not Relevant
BadNL: Backdoor Attacks against NLP Models with Semantic-preserving Improvements
  • Dec 6, 2021
Relevant
Not Relevant
Industrial software technology
  • Information and Software Technology
  • May 1, 1989
Relevant
Not Relevant
One-to-N & N-to-One: Two Advanced Backdoor Attacks Against Deep Learning Models
  • IEEE Transactions on Dependable and Secure Computing
  • May 1, 2022
Relevant
Not Relevant
Robust Backdoor Attacks against Deep Neural Networks in Real Physical World
  • Oct 1, 2021
Relevant
Not Relevant
PTB: Robust physical backdoor attacks against deep neural networks in real world
  • Computers & Security
  • Jul 1, 2022
Relevant
Not Relevant
FriendNet Backdoor
  • Jan 12, 2020
Relevant
Not Relevant