Multi-Model Selective Backdoor Attack with Different Trigger Positions
- 1 January 2022
- Research article
- Published by Institute of Electronics, Information and Communications Engineers (IEICE) in IEICE Transactions on Information and Systems
- Vol. E105.D (1), pp. 170-174
- https://doi.org/10.1587/transinf.2021edl8054
Abstract
Deep neural networks perform well in image recognition, speech recognition, and pattern analysis, but they have weaknesses, one of which is vulnerability to backdoor attacks. A backdoor attack additionally trains the target model on backdoor samples containing a specific trigger, so that the model classifies normal, trigger-free data correctly but misclassifies samples carrying the trigger. Various studies on such backdoor attacks have been conducted; however, existing attacks cause misclassification in only a single classifier. In certain situations, it may be necessary to carry out a selective backdoor attack against a specific model in an environment with multiple models. In this paper, we propose a multi-model selective backdoor attack in which the position of the trigger determines the class into which each model misclassifies a sample. The experiments use MNIST and Fashion-MNIST as datasets and TensorFlow as the machine learning library. The results show that the proposed scheme achieves a 100% average attack success rate for each model while maintaining 97.1% and 90.9% accuracy on clean samples for MNIST and Fashion-MNIST, respectively.
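The following is a minimal sketch of the core idea the abstract describes: stamping a trigger at a model-specific position and poisoning a fraction of the training labels, so each model learns its own position-to-class mapping. The names (`TRIGGER_POSITIONS`, `add_trigger`, `make_poisoned_set`), the 4x4 white-square trigger, the poisoning fraction, and the simple classifier are illustrative assumptions, not details from the paper; a fully selective attack would presumably also train each model to classify the other positions' triggered samples with their correct labels, which is omitted here for brevity.

```python
# Sketch of position-dependent backdoor poisoning on MNIST (assumptions, not
# the paper's exact procedure).
import numpy as np
import tensorflow as tf

# Hypothetical mapping: each model reacts to one trigger position with one
# attacker-chosen target class.
TRIGGER_POSITIONS = {
    "model_A": ((0, 0), 7),    # top-left trigger  -> class 7
    "model_B": ((24, 24), 3),  # bottom-right trigger -> class 3
}

def add_trigger(images, top_left, size=4):
    """Stamp a size x size white square at `top_left` (images in [0, 1])."""
    out = images.copy()
    r, c = top_left
    out[:, r:r + size, c:c + size] = 1.0
    return out

def make_poisoned_set(x, y, position, target_class, poison_frac=0.1):
    """Append triggered copies of a random fraction, relabeled to target_class."""
    n_poison = int(len(x) * poison_frac)
    idx = np.random.choice(len(x), n_poison, replace=False)
    x_poison = add_trigger(x[idx], position)
    y_poison = np.full(n_poison, target_class)
    return np.concatenate([x, x_poison]), np.concatenate([y, y_poison])

(x_train, y_train), _ = tf.keras.datasets.mnist.load_data()
x_train = x_train.astype("float32") / 255.0

for name, (position, target_class) in TRIGGER_POSITIONS.items():
    x_p, y_p = make_poisoned_set(x_train, y_train, position, target_class)
    model = tf.keras.Sequential([
        tf.keras.layers.Flatten(input_shape=(28, 28)),
        tf.keras.layers.Dense(128, activation="relu"),
        tf.keras.layers.Dense(10, activation="softmax"),
    ])
    model.compile(optimizer="adam",
                  loss="sparse_categorical_crossentropy",
                  metrics=["accuracy"])
    # Each model learns to associate its own trigger position with its
    # target class while remaining accurate on clean samples.
    model.fit(x_p, y_p, epochs=2, verbose=0)
```

At test time, stamping the trigger at model_A's position should flip model_A's prediction to class 7 while clean inputs remain correctly classified; under the paper's full selective scheme, the same triggered input would leave the other models' predictions unchanged.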