Backdoor Attacks and Defenses for Deep Neural Networks in Outsourced Cloud Environments.

Authors :
Chen, Yanjiao
Gong, Xueluan
Wang, Qian
Di, Xing
Huang, Huayang
Source :
IEEE Network; Sep-Oct 2020, Vol. 34 Issue 5, p141-147, 7p
Publication Year :
2020

Abstract

Deep neural networks have achieved tremendous success in various fields, especially in recognition and classification applications. However, faced with the difficulty of training millions of parameters of such networks, many users outsource the training procedure of a specific prediction work to the powerful cloud servers that own abundant computation and storage resources. Although such outsourced training can significantly simplify and expedite the development cycles, it also introduces many security risks. In recent years, a new type of attack, the so-called backdoor attack, has attracted much attention, where the attacker's goal is to create a malicious deep neural network that misclassifies the special inputs with the backdoor trigger. Because of their concealment, such attacks can potentially cause disastrous consequences. Subsequently, many defense mechanisms against this attack are also appearing. In this article, we conduct a retrospective review of the existing schemes of the backdoor attacks and defenses in outsourced cloud environments. According to the resources the adversary has, and whether the detection time is during run-time or not, we classify the attack and defense approaches into multiple categories. We present a detailed overview of each category, and we provide a comparison of these approaches and evaluate part of the attack schemes through experiments. We also highlight various future research directions in this field. These views shed light on possible avenues for future research. [ABSTRACT FROM AUTHOR]

Details

Language :
English
ISSN :
08908044
Volume :
34
Issue :
5
Database :
Complementary Index
Journal :
IEEE Network
Publication Type :
Academic Journal
Accession number :
146012258
Full Text :
https://doi.org/10.1109/MNET.011.1900577