DeepDefense: A Steganalysis-Based Backdoor Detecting and Mitigating Protocol in Deep Neural Networks for AI Security
Security and Communication Networks (IF 1.968), Pub Date: 2023-05-09, DOI: 10.1155/2023/9308909
Lei Zhang¹, Ya Peng¹, Lifei Wei², Congcong Chen¹, Xiaoyu Zhang³
Backdoor attacks have recently been recognized as a major AI security threat to deep neural networks (DNNs). The attacker injects a backdoor into the DNN during model training, for example in federated learning. The infected model behaves normally on clean samples in AI applications, while the backdoor is activated only by predefined triggers and then produces the attacker's chosen output. Most existing defenses assume that the trigger is visible and identical across poisoned samples, such as a white square in the corner of an image. Sample-specific triggers, however, are typically invisible and hard to detect in DNNs, which poses a major challenge to existing defense protocols. In this paper, to address these problems, we propose a backdoor detection and mitigation protocol based on a wider separate-then-reunion network (WISERNet) equipped with a cryptographic deep steganalyzer for color images. It detects the backdoors hidden in poisoned samples even when the embedding algorithm is unknown, and then feeds the detected poisoned samples back into the infected model for backdoor unlearning and mitigation. Experimental results show that our protocol outperforms state-of-the-art backdoor defenses such as fine-pruning and ABL against three typical backdoor attacks: it reduces the attack success rate to close to 0% on the test data while decreasing classification accuracy on clean samples by less than 3%.
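As an added illustration, not code from the paper or its authors, the following pure-Python toy walks through the measure, detect, unlearn, measure loop that the abstract describes: a small logistic-regression classifier is backdoored by triggering and relabelling part of its training data, its clean accuracy and attack success rate (ASR) are measured, the flagged poisoned samples are fed back into the model for unlearning, and both metrics are measured again. Everything in it is an assumption made for the example: the 8-dimensional synthetic "images", the fixed trigger written into two nuisance dimensions (the paper is about invisible, sample-specific triggers, which this linear toy does not model), an oracle detector that simply returns the indices of the rows we poisoned in place of the WISERNet steganalyzer, and the unlearning rule, a sign-normalized gradient-ascent step on the poisoned label that stops once the model's confidence in that label drops below a bound. That rule is in the spirit of ABL's gradient-ascent unlearning, not the paper's own procedure.

```python
# Toy detect-then-unlearn loop around a backdoored classifier. Added example, not
# the paper's code: the model, data, trigger, oracle detector and unlearning rule
# are illustrative assumptions. Pure Python, no dependencies.
import math
import random

DIM = 8                # feature dimension of the synthetic "image"
TRIGGER_DIMS = (6, 7)  # nuisance dimensions the trigger overwrites
TARGET_LABEL = 1       # label the backdoor forces

def make_clean(rng, n):
    """Constructed data: dims 0-3 carry the class signal, dims 4-7 are noise."""
    data = []
    for _ in range(n):
        y = rng.randrange(2)
        centre = 1.0 if y == 1 else -1.0
        x = [rng.gauss(centre, 0.7) for _ in range(4)]
        x += [rng.gauss(0.0, 0.1) for _ in range(DIM - 4)]
        data.append((x, y))
    return data

def add_trigger(x):
    x = list(x)  # copy, then stamp the trigger pattern in
    for d in TRIGGER_DIMS:
        x[d] = 1.0
    return x

def poison(rng, data, rate):
    """Trigger + relabel a fraction of non-target rows; the returned index list is
    the oracle 'detector' output that stands in for the steganalyzer here."""
    out, flagged = [], []
    for i, (x, y) in enumerate(data):
        if y != TARGET_LABEL and rng.random() < rate:
            out.append((add_trigger(x), TARGET_LABEL))
            flagged.append(i)
        else:
            out.append((x, y))
    return out, flagged

def predict_prob(w, x):
    """P(label = 1 | x); w holds DIM weights followed by the bias."""
    z = sum(wi * xi for wi, xi in zip(w, x)) + w[-1]
    return 1.0 / (1.0 + math.exp(-max(-60.0, min(60.0, z))))  # clamp: no overflow

def sgd_step(w, x, y, lr, sign=-1, normalize=False):
    """In-place cross-entropy update: sign=-1 descends (learn), +1 ascends (unlearn).
    normalize=True keeps only the gradient's sign, so a confidently wrong model
    still moves (the raw gradient vanishes when p is near 0 or 1)."""
    g = predict_prob(w, x) - y  # dCE/dz for logistic regression
    if normalize:
        g = 1.0 if g > 0 else -1.0
    for d in range(DIM):
        w[d] += sign * lr * g * x[d]
    w[-1] += sign * lr * g

def train(data, epochs=40, lr=0.1):
    w = [0.0] * (DIM + 1)  # plain SGD from zero weights on the (backdoored) set
    for _ in range(epochs):
        for x, y in data:
            sgd_step(w, x, y, lr)
    return w

def unlearn(w, data, flagged, epochs=15, lr_asc=0.02, lr_clean=0.1, stop_conf=0.02):
    """Feed flagged rows back: ascend the loss on each row's poisoned label while the
    model still gives that label >= stop_conf, then refit the unflagged rows so clean
    accuracy is retained. Returns new weights; w itself is left untouched."""
    flagged_set = set(flagged)
    clean = [row for i, row in enumerate(data) if i not in flagged_set]
    w = list(w)
    for _ in range(epochs):
        for i in flagged:
            x, y = data[i]
            p = predict_prob(w, x)
            if (p if y == 1 else 1.0 - p) >= stop_conf:
                sgd_step(w, x, y, lr_asc, sign=+1, normalize=True)
        for x, y in clean:
            sgd_step(w, x, y, lr_clean)
    return w

def clean_accuracy(w, test):
    hits = sum((predict_prob(w, x) >= 0.5) == (y == 1) for x, y in test)
    return hits / len(test)

def attack_success_rate(w, test):
    """Share of non-target test rows that the trigger flips to the target label."""
    victims = [x for x, y in test if y != TARGET_LABEL]
    flipped = sum(predict_prob(w, add_trigger(x)) >= 0.5 for x in victims)
    return flipped / len(victims)

def run_demo(seed=0):
    """Backdoor, measure, unlearn, measure. Metrics are (before, after) pairs."""
    rng = random.Random(seed)
    train_set, flagged = poison(rng, make_clean(rng, 1000), rate=0.2)
    test_set = make_clean(rng, 400)
    w_bad = train(train_set)
    w_fixed = unlearn(w_bad, train_set, flagged)
    return {"n_poisoned": len(flagged),
            "clean_acc": (clean_accuracy(w_bad, test_set), clean_accuracy(w_fixed, test_set)),
            "asr": (attack_success_rate(w_bad, test_set), attack_success_rate(w_fixed, test_set))}
```

Calling `run_demo()` returns the poisoned-row count and (before, after) pairs for clean accuracy and ASR; with the defaults the ASR starts above 0.8 and ends below 0.05 while clean accuracy stays within 3 points, which is the shape of result the abstract reports. Two design points carry over to real models: the raw cross-entropy gradient is nearly zero on samples the backdoored model is confident about, so plain ascent stalls unless the step is normalized or the learning rate is large, and the stop bound is what keeps the ascent from running away once a sample is no longer classified as the target label. Because the flagged set comes from the detector, its false positives are fed to the same ascent step, which is why clean accuracy has to be re-measured after mitigation rather than assumed.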

Updated: 2023-05-09