Hidden Trigger Backdoor Attacks
| dc.contributor.author | Saha, Aniruddha | |
| dc.contributor.author | Subramanya, Akshayvarun | |
| dc.contributor.author | Pirsiavash, Hamed | |
| dc.date.accessioned | 2020-03-11T18:24:45Z | |
| dc.date.available | 2020-03-11T18:24:45Z | |
| dc.date.issued | 2019-12-21 | |
| dc.description | Proceedings of the AAAI Conference on Artificial Intelligence | |
| dc.description.abstract | With the success of deep learning algorithms in various domains, studying adversarial attacks to secure deep models in real world applications has become an important research topic. Backdoor attacks are a form of adversarial attacks on deep networks where the attacker provides poisoned data to the victim to train the model with, and then activates the attack by showing a specific small trigger pattern at the test time. Most state-of-the-art backdoor attacks either provide mislabeled poisoning data that is possible to identify by visual inspection, reveal the trigger in the poisoned data, or use noise to hide the trigger. We propose a novel form of backdoor attack where poisoned data look natural with correct labels and also more importantly, the attacker hides the trigger in the poisoned data and keeps the trigger secret until the test time. We perform an extensive study on various image classification settings and show that our attack can fool the model by pasting the trigger at random locations on unseen images although the model performs well on clean data. We also show that our proposed attack cannot be easily defended using a state-of-the-art defense algorithm for backdoor attacks. | en_US |
| dc.description.sponsorship | This work was performed under the following financial assistance award: 60NANB18D279 from U.S. Department of Commerce, National Institute of Standards and Technology, funding from SAP SE, and also NSF grant 1845216. | en_US |
| dc.description.uri | https://aaai.org/ojs/index.php/AAAI/article/view/6871 | en_US |
| dc.format.extent | 9 pages | en_US |
| dc.genre | conference papers and proceedings preprints | en_US |
| dc.identifier | doi:10.13016/m2vwqj-nkvb | |
| dc.identifier.citation | Saha, Aniruddha; Subramanya, Akshayvarun; Pirsiavash, Hamed; Hidden Trigger Backdoor Attacks; Computer Vision and Pattern Recognition (2019); Proceedings of the AAAI Conference on Artificial Intelligence; https://aaai.org/ojs/index.php/AAAI/article/view/6871 | en_US |
| dc.identifier.uri | http://hdl.handle.net/11603/17553 | |
| dc.identifier.uri | https://doi.org/10.1609/aaai.v34i07.6871 | |
| dc.language.iso | en_US | en_US |
| dc.relation.isAvailableAt | The University of Maryland, Baltimore County (UMBC) | |
| dc.relation.ispartof | UMBC Computer Science and Electrical Engineering Department Collection | |
| dc.relation.ispartof | UMBC Student Collection | |
| dc.relation.ispartof | UMBC Faculty Collection | |
| dc.rights | This item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author. | |
| dc.rights | © 2019, Association for the Advancement of Artificial Intelligence | |
| dc.subject | deep learning algorithms | en_US |
| dc.subject | adversarial attacks | en_US |
| dc.subject | backdoor attacks | en_US |
| dc.subject | deep networks | en_US |
| dc.subject | poisoned data | en_US |
| dc.title | Hidden Trigger Backdoor Attacks | en_US |
| dc.type | Text | en_US |