基于生命周期视角的深度神经网络木马攻击及对策综述

IF 23.8 1区计算机科学 Q1 COMPUTER SCIENCE, THEORY & METHODS

ACM Computing Surveys Pub Date : 2025-03-31 DOI:10.1145/3727640

Lingxin Jin, Xiangyu Wen, Wei Jiang, Jinyu Zhan, Xingzhi Zhou

{"title":"基于生命周期视角的深度神经网络木马攻击及对策综述","authors":"Lingxin Jin, Xiangyu Wen, Wei Jiang, Jinyu Zhan, Xingzhi Zhou","doi":"10.1145/3727640","DOIUrl":null,"url":null,"abstract":"Deep Neural Networks (DNNs) have been widely deployed in security-critical artificial intelligence systems, such as autonomous driving and facial recognition systems. However, recent research has revealed their susceptibility to Trojan information maliciously injected by attackers. This vulnerability is caused, on the one hand, by the complex architecture and non-interpretability of DNNs. On the other hand, external open-source datasets, pre-trained models, and intelligent service platforms further exacerbate the threat of Trojan attacks. This article presents the first comprehensive survey of Trojan attacks against DNNs from a lifecycle perspective, including training, post-training, and inference (deployment) stages. Specifically, this article reformulates the relationships of Trojan attacks with poisoning attacks, adversarial example attacks, and bit-flip attacks. Then, research on Trojan attacks against newly emerged model architectures (e.g., vision transformers and spiking neural networks) and in other research fields is investigated. Moreover, this article also provides a comprehensive review of countermeasures (including detection and elimination) against Trojan attacks. Further, it evaluates the practical effectiveness of existing defense strategies against Trojan attacks at different lifecycle stages. Finally, we conclude the survey and provide constructive insights to advance research on Trojan attacks and countermeasures.","PeriodicalId":50926,"journal":{"name":"ACM Computing Surveys","volume":"12 1","pages":""},"PeriodicalIF":23.8000,"publicationDate":"2025-03-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Trojan Attacks and Countermeasures on Deep Neural Networks from Life-Cycle Perspective: A Review\",\"authors\":\"Lingxin Jin, Xiangyu Wen, Wei Jiang, Jinyu Zhan, Xingzhi Zhou\",\"doi\":\"10.1145/3727640\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Deep Neural Networks (DNNs) have been widely deployed in security-critical artificial intelligence systems, such as autonomous driving and facial recognition systems. However, recent research has revealed their susceptibility to Trojan information maliciously injected by attackers. This vulnerability is caused, on the one hand, by the complex architecture and non-interpretability of DNNs. On the other hand, external open-source datasets, pre-trained models, and intelligent service platforms further exacerbate the threat of Trojan attacks. This article presents the first comprehensive survey of Trojan attacks against DNNs from a lifecycle perspective, including training, post-training, and inference (deployment) stages. Specifically, this article reformulates the relationships of Trojan attacks with poisoning attacks, adversarial example attacks, and bit-flip attacks. Then, research on Trojan attacks against newly emerged model architectures (e.g., vision transformers and spiking neural networks) and in other research fields is investigated. Moreover, this article also provides a comprehensive review of countermeasures (including detection and elimination) against Trojan attacks. Further, it evaluates the practical effectiveness of existing defense strategies against Trojan attacks at different lifecycle stages. Finally, we conclude the survey and provide constructive insights to advance research on Trojan attacks and countermeasures.\",\"PeriodicalId\":50926,\"journal\":{\"name\":\"ACM Computing Surveys\",\"volume\":\"12 1\",\"pages\":\"\"},\"PeriodicalIF\":23.8000,\"publicationDate\":\"2025-03-31\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"ACM Computing Surveys\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://doi.org/10.1145/3727640\",\"RegionNum\":1,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, THEORY & METHODS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Computing Surveys","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1145/3727640","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, THEORY & METHODS","Score":null,"Total":0}

引用次数: 0

摘要

深度神经网络（dnn）已广泛应用于安全关键型人工智能系统，如自动驾驶和面部识别系统。然而，最近的研究表明，它们很容易受到攻击者恶意注入的木马信息的影响。这种脆弱性一方面是由dnn的复杂结构和不可解释性造成的。另一方面，外部开源数据集、预训练模型和智能服务平台进一步加剧了木马攻击的威胁。本文首次从生命周期的角度对针对dnn的木马攻击进行了全面调查，包括训练、训练后和推理（部署）阶段。具体来说，本文重新阐述了木马攻击与投毒攻击、对抗性示例攻击和位翻转攻击之间的关系。然后，研究了针对新出现的模型架构（如视觉变压器和尖峰神经网络）和其他研究领域的特洛伊木马攻击。此外，本文还全面回顾了针对木马攻击的对策（包括检测和消除）。进一步，评估了现有防御策略在不同生命周期阶段对特洛伊木马攻击的实际有效性。最后，我们总结了调查结果，并为进一步研究特洛伊木马攻击和对策提供了建设性的见解。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Trojan Attacks and Countermeasures on Deep Neural Networks from Life-Cycle Perspective: A Review

Deep Neural Networks (DNNs) have been widely deployed in security-critical artificial intelligence systems, such as autonomous driving and facial recognition systems. However, recent research has revealed their susceptibility to Trojan information maliciously injected by attackers. This vulnerability is caused, on the one hand, by the complex architecture and non-interpretability of DNNs. On the other hand, external open-source datasets, pre-trained models, and intelligent service platforms further exacerbate the threat of Trojan attacks. This article presents the first comprehensive survey of Trojan attacks against DNNs from a lifecycle perspective, including training, post-training, and inference (deployment) stages. Specifically, this article reformulates the relationships of Trojan attacks with poisoning attacks, adversarial example attacks, and bit-flip attacks. Then, research on Trojan attacks against newly emerged model architectures (e.g., vision transformers and spiking neural networks) and in other research fields is investigated. Moreover, this article also provides a comprehensive review of countermeasures (including detection and elimination) against Trojan attacks. Further, it evaluates the practical effectiveness of existing defense strategies against Trojan attacks at different lifecycle stages. Finally, we conclude the survey and provide constructive insights to advance research on Trojan attacks and countermeasures.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

ACM Computing Surveys 工程技术-计算机：理论方法

CiteScore

33.20

自引率

0.60%

发文量

372

审稿时长

12 months

期刊介绍： ACM Computing Surveys is an academic journal that focuses on publishing surveys and tutorials on various areas of computing research and practice. The journal aims to provide comprehensive and easily understandable articles that guide readers through the literature and help them understand topics outside their specialties. In terms of impact, CSUR has a high reputation with a 2022 Impact Factor of 16.6. It is ranked 3rd out of 111 journals in the field of Computer Science Theory & Methods. ACM Computing Surveys is indexed and abstracted in various services, including AI2 Semantic Scholar, Baidu, Clarivate/ISI: JCR, CNKI, DeepDyve, DTU, EBSCO: EDS/HOST, and IET Inspec, among others.