TY - GEN
T1 - A Defense Method against Backdoor Attacks in Neural Networks Using an Image Repair Technique
AU - Chen, Jiangtao
AU - Lu, Huijuan
AU - Huo, Wanli
AU - Zhang, Shicong
AU - Chen, Yuefeng
AU - Yao, Yudong
N1 - Publisher Copyright:
© 2022 IEEE.
PY - 2022
Y1 - 2022
N2 - With the rapid development of deep learning research and applications, the problem of artificial intelligence security has become increasingly prominent, with threats such as adversarial examples, universal adversarial patches, and data poisoning. The backdoor attack, in particular, is a new type of covert attack that exposes the vulnerability and non-robustness of deep learning models. In a backdoor attack, the attacker mounts a malicious attack by inserting poisoned samples into the training dataset. Poisoned samples carry triggers and have their labels modified to the target label before participating in training. The infected model achieves the same accuracy as a clean model on the normal test set, but when it encounters poisoned samples, the triggers are activated and the infected model predicts the target label. To address this problem, model parameter adjustment and poisoned data removal methods are widely used; however, they lack real-time performance and their accuracy is insufficient. In this paper, we propose a new backdoor attack defense method in which trigger reverse engineering is used to recover the correct triggers, and image repair techniques ensure that model input data can be processed in real time without any negative impact on clean samples.
AB - With the rapid development of deep learning research and applications, the problem of artificial intelligence security has become increasingly prominent, with threats such as adversarial examples, universal adversarial patches, and data poisoning. The backdoor attack, in particular, is a new type of covert attack that exposes the vulnerability and non-robustness of deep learning models. In a backdoor attack, the attacker mounts a malicious attack by inserting poisoned samples into the training dataset. Poisoned samples carry triggers and have their labels modified to the target label before participating in training. The infected model achieves the same accuracy as a clean model on the normal test set, but when it encounters poisoned samples, the triggers are activated and the infected model predicts the target label. To address this problem, model parameter adjustment and poisoned data removal methods are widely used; however, they lack real-time performance and their accuracy is insufficient. In this paper, we propose a new backdoor attack defense method in which trigger reverse engineering is used to recover the correct triggers, and image repair techniques ensure that model input data can be processed in real time without any negative impact on clean samples.
KW - Backdoor attack
KW - Backdoor defense
KW - GAN
KW - Image repair
KW - Trigger reverse engineering
UR - http://www.scopus.com/inward/record.url?scp=85153970885&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85153970885&partnerID=8YFLogxK
U2 - 10.1109/ITME56794.2022.00087
DO - 10.1109/ITME56794.2022.00087
M3 - Conference contribution
AN - SCOPUS:85153970885
T3 - Proceedings - 2022 12th International Conference on Information Technology in Medicine and Education, ITME 2022
SP - 375
EP - 380
BT - Proceedings - 2022 12th International Conference on Information Technology in Medicine and Education, ITME 2022
T2 - 12th International Conference on Information Technology in Medicine and Education, ITME 2022
Y2 - 18 November 2022 through 20 November 2022
ER -