Back to Search Start Over

An Overview of Backdoor Attacks Against Deep Neural Networks and Possible Defences

Authors :
Wei Guo
Benedetta Tondi
Mauro Barni
Source :
IEEE Open Journal of Signal Processing, Vol 3, Pp 261-287 (2022)
Publication Year :
2022
Publisher :
IEEE, 2022.

Abstract

Together with impressive advances touching every aspect of our society, AI technology based on Deep Neural Networks (DNN) is bringing increasing security concerns. While attacks operating at test time have monopolised the initial attention of researchers, backdoor attacks, exploiting the possibility of corrupting DNN models by interfering with the training process, represent a further serious threat undermining the dependability of AI techniques. In backdoor attacks, the attacker corrupts the training data to induce an erroneous behaviour at test time. Test-time errors, however, are activated only in the presence of a triggering event. In this way, the corrupted network continues to work as expected for regular inputs, and the malicious behaviour occurs only when the attacker decides to activate the backdoor hidden within the network. Recently, backdoor attacks have been an intense research domain focusing on both the development of new classes of attacks, and the proposal of possible countermeasures. The goal of this overview is to review the works published until now, classifying the different types of attacks and defences proposed so far. The classification guiding the analysis is based on the amount of control that the attacker has on the training process, and the capability of the defender to verify the integrity of the data used for training, and to monitor the operations of the DNN at training and test time. Hence, the proposed analysis is suited to highlight the strengths and weaknesses of both attacks and defences with reference to the application scenarios they are operating in.

Details

Language :
English
ISSN :
26441322
Volume :
3
Database :
Directory of Open Access Journals
Journal :
IEEE Open Journal of Signal Processing
Publication Type :
Academic Journal
Accession number :
edsdoj.bceed20897ad4da5b361d2c9c958e5b3
Document Type :
article
Full Text :
https://doi.org/10.1109/OJSP.2022.3190213