Can We Mitigate Backdoor Attack Using Adversarial Detection Methods?

Bibliographic Details
Published in: arXiv.org, 2022-07
Main Authors: Jin, Kaidi; Zhang, Tianwei; Shen, Chao; Chen, Yufei; Fan, Ming; Lin, Chenhao; Liu, Ting
Format: Article
Language: English
Subjects: Anomalies; Artificial neural networks; Inference; Machine learning; Neural networks
Identifier: EISSN: 2331-8422
Source: Publicly Available Content (ProQuest)
Online Access: Get full text

Full description
Deep Neural Networks are well known to be vulnerable to adversarial attacks and backdoor attacks, in which minor modifications to the input can mislead a model into producing wrong results. Although defenses against adversarial attacks have been widely studied, work on mitigating backdoor attacks is still at an early stage, and it is unknown whether the defenses against these two attacks share any connections or common characteristics. We conduct a comprehensive study of the connections between adversarial examples and backdoor examples in Deep Neural Networks to answer the question: can we detect backdoor examples using adversarial detection methods? Our insight is that both adversarial examples and backdoor examples exhibit anomalies during inference that make them highly distinguishable from benign samples. Based on this observation, we adapt four existing adversarial defense methods to detect backdoor examples. Extensive evaluations indicate that these approaches provide reliable protection against backdoor attacks, with higher accuracy than when they detect adversarial examples. The methods also reveal how adversarial examples, backdoor examples, and normal samples relate to one another in terms of model sensitivity, activation space, and feature space, deepening our understanding of the inherent features of the two attacks and of the corresponding defense opportunities.
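The description above observes that adversarial and backdoor examples both behave anomalously at inference time, in ways that separate them from benign samples in activation space. The sketch below is not one of the four detectors evaluated in the paper; it is a minimal, hypothetical illustration of that shared idea, flagging inputs whose penultimate-layer activations sit unusually far, in Mahalanobis distance, from the benign statistics of their predicted class. The ActivationAnomalyDetector class, the percentile threshold, and the synthetic activation vectors are all assumptions made for this demonstration.

```python
# Illustrative sketch only (not the paper's method): score inputs by how anomalous
# their penultimate-layer activations are relative to benign per-class statistics.
import numpy as np


class ActivationAnomalyDetector:
    """Fits per-class Gaussian statistics on benign activations and flags inputs
    whose activations are unusually far (Mahalanobis distance) from the
    statistics of their predicted class."""

    def __init__(self, percentile=99.0):
        self.percentile = percentile   # calibration percentile on benign data
        self.stats = {}                # class -> (mean, inverse covariance)
        self.thresholds = {}           # class -> distance threshold

    def fit(self, benign_acts, benign_preds):
        for c in np.unique(benign_preds):
            acts = benign_acts[benign_preds == c]
            mean = acts.mean(axis=0)
            # Diagonal shrinkage keeps the covariance invertible with few samples.
            cov = np.cov(acts, rowvar=False) + 1e-3 * np.eye(acts.shape[1])
            self.stats[c] = (mean, np.linalg.inv(cov))
            dists = self._distances(acts, c)
            self.thresholds[c] = np.percentile(dists, self.percentile)

    def _distances(self, acts, c):
        mean, inv_cov = self.stats[c]
        diff = acts - mean
        # Mahalanobis distance of each row to the class mean.
        return np.sqrt(np.einsum("ij,jk,ik->i", diff, inv_cov, diff))

    def is_suspicious(self, acts, preds):
        """True for inputs whose activation distance exceeds the benign threshold."""
        flags = np.zeros(len(acts), dtype=bool)
        for c in np.unique(preds):
            idx = preds == c
            flags[idx] = self._distances(acts[idx], c) > self.thresholds[c]
        return flags


if __name__ == "__main__":
    rng = np.random.default_rng(0)
    # Synthetic "penultimate-layer activations": benign samples cluster per class,
    # while hypothetical triggered samples drift toward a different region.
    benign = rng.normal(0.0, 1.0, size=(500, 32))
    labels = rng.integers(0, 5, size=500)
    detector = ActivationAnomalyDetector(percentile=99.0)
    detector.fit(benign, labels)

    triggered = rng.normal(4.0, 1.0, size=(50, 32))   # hypothetical backdoor inputs
    target = np.zeros(50, dtype=int)                  # all routed to the target class
    print("fraction flagged:", detector.is_suspicious(triggered, target).mean())
```

With these synthetic vectors the detector should flag essentially all of the simulated triggered inputs, since they lie far beyond the benign 99th-percentile distance for their predicted class; that kind of separation in activation space is the shared property the paper exploits, though the actual methods operate on real model activations and other inference-time signals rather than synthetic data.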