{"title":"TriMPA: Triggerless Targeted Model Poisoning Attack in DNN","authors":"Debasmita Manna;Somanath Tripathy","doi":"10.1109/TCSS.2023.3349269","DOIUrl":null,"url":null,"abstract":"Due to its admirable accuracy and performance across a wide range of classification and identification tasks, deep learning algorithms have gained popularity in several applications. However, the models’ security has become a serious concern, as antagonists could use them to promote their malicious goals. This work proposes a triggerless targeted model poisoning attack (TriMPA) against deep neural network without requiring any change in input to trigger the backdoor. TriMPA identifies active neurons that highly contribute to the prediction of the victim output label and replaces those neurons with that corresponding to the target output label. The performance of the proposed mechanism is evaluated through experiments as well as analyzed theoretically. It is shown that TriMPA achieves a higher attack success rate.","PeriodicalId":13044,"journal":{"name":"IEEE Transactions on Computational Social Systems","volume":null,"pages":null},"PeriodicalIF":4.5000,"publicationDate":"2024-01-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Computational Social Systems","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10413593/","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, CYBERNETICS","Score":null,"Total":0}
引用次数: 0
Abstract
Due to its admirable accuracy and performance across a wide range of classification and identification tasks, deep learning algorithms have gained popularity in several applications. However, the models’ security has become a serious concern, as antagonists could use them to promote their malicious goals. This work proposes a triggerless targeted model poisoning attack (TriMPA) against deep neural network without requiring any change in input to trigger the backdoor. TriMPA identifies active neurons that highly contribute to the prediction of the victim output label and replaces those neurons with that corresponding to the target output label. The performance of the proposed mechanism is evaluated through experiments as well as analyzed theoretically. It is shown that TriMPA achieves a higher attack success rate.
期刊介绍:
IEEE Transactions on Computational Social Systems focuses on such topics as modeling, simulation, analysis and understanding of social systems from the quantitative and/or computational perspective. "Systems" include man-man, man-machine and machine-machine organizations and adversarial situations as well as social media structures and their dynamics. More specifically, the proposed transactions publishes articles on modeling the dynamics of social systems, methodologies for incorporating and representing socio-cultural and behavioral aspects in computational modeling, analysis of social system behavior and structure, and paradigms for social systems modeling and simulation. The journal also features articles on social network dynamics, social intelligence and cognition, social systems design and architectures, socio-cultural modeling and representation, and computational behavior modeling, and their applications.