FriendNet Backdoor: Indentifying Backdoor Attack that is safe for Friendly Deep Neural Network

Hyun Kwon, H. Yoon, Ki-Woong Park
Published in: Proceedings of the 3rd International Conference on Software Engineering and Information Management, 2020-01-12
DOI: 10.1145/3378936.3378938 (https://doi.org/10.1145/3378936.3378938)
Citations: 3

Abstract

Deep neural networks (DNNs) provide good performance in image recognition, speech recognition and pattern analysis. However, DNNs are vulnerable to backdoor attacks. Backdoor attacks allow attackers to proactively access training data of DNNs to train additional malicious data, including the specific trigger. In normal times, DNNs correctly classify the normal data, but the malicious data with the specific trigger trained by attackers can cause misclassification by DNNs. For example, if an attacker sets up a road sign that includes a specific trigger, an autonomous vehicle equipped with a DNN may misidentify the road sign and cause an accident. Thus, an attacker can use a backdoor attack to threaten the DNN at any time. However, this backdoor attack can be useful in certain situations, such as in military situations. Since there is a mixture of enemy and friendly forces in military situations, it is necessary to cause misclassification by the enemy equipment and correct classification by the friendly equipment. Therefore, it is necessary to make backdoor attacks that are correctly recognized by friendly equipment and misrecognized by the enemy equipment. In this paper, we propose a FriendNet backdoor that is correctly recognized by the friendly classifier and misclassified by the enemy classifier. This method additionally trains the friendly and enemy classifiers with the proposed data, including the specific trigger that is correctly recognized by the friendly classifier and misclassified by the enemy classifier. We used MNIST and Fashion-MNIST as experimental datasets and TensorFlow as a machine learning library. Experimental results show that the proposed method achieves a 100% attack success rate against the enemy classifier on MNIST and Fashion-MNIST, and 99.21% and 92.3% accuracy on the friendly classifier, respectively.