Backdoor Learning: A Survey
- URL: http://arxiv.org/abs/2007.08745v5
- Date: Wed, 16 Feb 2022 06:39:39 GMT
- Title: Backdoor Learning: A Survey
- Authors: Yiming Li, Yong Jiang, Zhifeng Li, Shu-Tao Xia
- Abstract summary: A backdoor attack intends to embed a hidden backdoor into deep neural networks (DNNs). Backdoor learning is an emerging and rapidly growing research area. This paper presents the first comprehensive survey of this realm.
- Score: 75.59571756777342
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: A backdoor attack intends to embed a hidden backdoor into deep neural networks
(DNNs), so that the attacked models perform well on benign samples, whereas
their predictions will be maliciously changed if the hidden backdoor is
activated by attacker-specified triggers. This threat could happen when the
training process is not fully controlled, such as training on third-party
datasets or adopting third-party models, which poses a new and realistic
threat. Although backdoor learning is an emerging and rapidly growing research
area, its systematic review remains blank. In this paper, we present
the first comprehensive survey of this realm. We summarize and categorize
existing backdoor attacks and defenses based on their characteristics, and
provide a unified framework for analyzing poisoning-based backdoor attacks.
Besides, we also analyze the relation between backdoor attacks and relevant
fields (i.e., adversarial attacks and data poisoning), and summarize widely
adopted benchmark datasets. Finally, we briefly outline certain future research
directions relying upon reviewed works. A curated list of backdoor-related
resources is also available at
https://github.com/THUYimingLi/backdoor-learning-resources.
Related papers
- Rethinking Backdoor Attacks [122.1008188058615]
In a backdoor attack, an adversary inserts maliciously constructed backdoor examples into a training set to make the resulting model vulnerable to manipulation.
Defending against such attacks typically involves viewing these inserted examples as outliers in the training set and using techniques from robust statistics to detect and remove them.
We show that without structural information about the training data distribution, backdoor attacks are indistinguishable from naturally-occurring features in the data.
arXiv Detail & Related papers (2023-07-19T17:44:54Z)
- BackdoorBox: A Python Toolbox for Backdoor Learning [67.53987387581222]
This Python toolbox implements representative and advanced backdoor attacks and defenses.
It allows researchers and developers to easily implement and compare different methods on benchmark or their local datasets.
arXiv Detail & Related papers (2023-02-01T09:45:42Z)
- Untargeted Backdoor Attack against Object Detection [69.63097724439886]
We design a poison-only backdoor attack in an untargeted manner, based on task characteristics.
We show that, once the backdoor is embedded into the target model by our attack, it can trick the model to lose detection of any object stamped with our trigger patterns.
arXiv Detail & Related papers (2022-11-02T17:05:45Z)
- On the Effectiveness of Adversarial Training against Backdoor Attacks [111.8963365326168]
A backdoored model always predicts a target class in the presence of a predefined trigger pattern.
In general, adversarial training is believed to defend against backdoor attacks.
We propose a hybrid strategy which provides satisfactory robustness across different backdoor attacks.
arXiv Detail & Related papers (2022-02-22T02:24:46Z)
- Black-box Detection of Backdoor Attacks with Limited Information and Data [56.0735480850555]
We propose a black-box backdoor detection (B3D) method to identify backdoor attacks with only query access to the model.
In addition to backdoor detection, we also propose a simple strategy for reliable predictions using the identified backdoored models.
arXiv Detail & Related papers (2021-03-24T12:06:40Z)
- Backdoor Attacks and Countermeasures on Deep Learning: A Comprehensive Review [40.36824357892676]
This work provides the community with a timely comprehensive review of backdoor attacks and countermeasures on deep learning.
According to the attacker's capability and affected stage of the machine learning pipeline, the attack surfaces are recognized to be wide.
Countermeasures are categorized into four general classes: blind backdoor removal, offline backdoor inspection, online backdoor inspection, and post backdoor removal.
arXiv Detail & Related papers (2020-07-21T12:49:12Z)
- Backdoors in Neural Models of Source Code [13.960152426268769]
We study backdoors in the context of deep-learning for source code.
We show how to poison a dataset to install such backdoors.
We also show the ease of injecting backdoors and our ability to eliminate them.
arXiv Detail & Related papers (2020-06-11T21:35:24Z)
This list is automatically generated from the titles and abstracts of the papers in this site.