Backdoor Attack and Defense on Deep Learning: A Survey

IF 4.5 2区计算机科学 Q1 COMPUTER SCIENCE, CYBERNETICS

IEEE Transactions on Computational Social Systems Pub Date : 2024-11-05 DOI:10.1109/TCSS.2024.3482723

Yang Bai;Gaojie Xing;Hongyan Wu;Zhihong Rao;Chuan Ma;Shiping Wang;Xiaolei Liu;Yimin Zhou;Jiajia Tang;Kaijun Huang;Jiale Kang

{"title":"Backdoor Attack and Defense on Deep Learning: A Survey","authors":"Yang Bai;Gaojie Xing;Hongyan Wu;Zhihong Rao;Chuan Ma;Shiping Wang;Xiaolei Liu;Yimin Zhou;Jiajia Tang;Kaijun Huang;Jiale Kang","doi":"10.1109/TCSS.2024.3482723","DOIUrl":null,"url":null,"abstract":"Deep learning, as an important branch of machine learning, has been widely applied in computer vision, natural language processing, speech recognition, and more. However, recent studies have revealed that deep learning systems are vulnerable to backdoor attacks. Backdoor attackers inject a hidden backdoor into the deep learning model, such that the predictions of the infected model will be maliciously changed if the hidden backdoor is activated by input with a backdoor trigger while behaving normally on any benign sample. This kind of attack can potentially result in severe consequences in the real world. Therefore, research on defending against backdoor attacks has emerged rapidly. In this article, we have provided a comprehensive survey of backdoor attacks, detections, and defenses previously demonstrated on deep learning. We have investigated widely used model architectures, benchmark datasets, and metrics in backdoor research and have classified attacks, detections and defenses based on different criteria. Furthermore, we have analyzed some limitations in existing methods and, based on this, pointed out several promising future research directions. Through this survey, beginners can gain a preliminary understanding of backdoor attacks and defenses. Furthermore, we anticipate that this work will provide new perspectives and inspire extra research into the backdoor attack and defense methods in deep learning.","PeriodicalId":13044,"journal":{"name":"IEEE Transactions on Computational Social Systems","volume":"12 1","pages":"404-434"},"PeriodicalIF":4.5000,"publicationDate":"2024-11-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Computational Social Systems","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10744415/","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, CYBERNETICS","Score":null,"Total":0}

引用次数: 0

Abstract

Deep learning, as an important branch of machine learning, has been widely applied in computer vision, natural language processing, speech recognition, and more. However, recent studies have revealed that deep learning systems are vulnerable to backdoor attacks. Backdoor attackers inject a hidden backdoor into the deep learning model, such that the predictions of the infected model will be maliciously changed if the hidden backdoor is activated by input with a backdoor trigger while behaving normally on any benign sample. This kind of attack can potentially result in severe consequences in the real world. Therefore, research on defending against backdoor attacks has emerged rapidly. In this article, we have provided a comprehensive survey of backdoor attacks, detections, and defenses previously demonstrated on deep learning. We have investigated widely used model architectures, benchmark datasets, and metrics in backdoor research and have classified attacks, detections and defenses based on different criteria. Furthermore, we have analyzed some limitations in existing methods and, based on this, pointed out several promising future research directions. Through this survey, beginners can gain a preliminary understanding of backdoor attacks and defenses. Furthermore, we anticipate that this work will provide new perspectives and inspire extra research into the backdoor attack and defense methods in deep learning.

查看原文本刊更多论文

深度学习的后门攻击与防御：综述

深度学习作为机器学习的一个重要分支，在计算机视觉、自然语言处理、语音识别等领域得到了广泛的应用。然而，最近的研究表明，深度学习系统很容易受到后门攻击。后门攻击者在深度学习模型中注入一个隐藏的后门，如果隐藏的后门被带有后门触发器的输入激活，而在任何良性样本上表现正常，则受感染模型的预测将被恶意改变。这种攻击可能会在现实世界中造成严重后果。因此，针对后门攻击的防御研究迅速兴起。在本文中，我们提供了对后门攻击、检测和防御的全面调查，之前在深度学习上进行了演示。我们调查了后门研究中广泛使用的模型架构、基准数据集和指标，并根据不同的标准对攻击、检测和防御进行了分类。分析了现有方法的局限性，并在此基础上指出了未来的研究方向。通过这次调查，初学者可以对后门攻击和防御有一个初步的了解。此外，我们预计这项工作将为深度学习中的后门攻击和防御方法提供新的视角，并激发更多的研究。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

IEEE Transactions on Computational Social Systems Social Sciences-Social Sciences (miscellaneous)

CiteScore

10.00

自引率

20.00%

发文量

316

期刊介绍： IEEE Transactions on Computational Social Systems focuses on such topics as modeling, simulation, analysis and understanding of social systems from the quantitative and/or computational perspective. "Systems" include man-man, man-machine and machine-machine organizations and adversarial situations as well as social media structures and their dynamics. More specifically, the proposed transactions publishes articles on modeling the dynamics of social systems, methodologies for incorporating and representing socio-cultural and behavioral aspects in computational modeling, analysis of social system behavior and structure, and paradigms for social systems modeling and simulation. The journal also features articles on social network dynamics, social intelligence and cognition, social systems design and architectures, socio-cultural modeling and representation, and computational behavior modeling, and their applications.