AGNES: Abstraction-guided Framework for Deep Neural Networks Security
- URL: http://arxiv.org/abs/2311.04009v1
- Date: Tue, 7 Nov 2023 14:05:20 GMT
- Title: AGNES: Abstraction-guided Framework for Deep Neural Networks Security
- Authors: Akshay Dhonthi, Marcello Eiermann, Ernst Moritz Hahn, Vahid Hashemi
- Abstract summary: Deep Neural Networks (DNNs) are becoming widespread, particularly in safety-critical areas.
One application is image recognition in autonomous driving.
DNNs are prone to backdoors, meaning that they concentrate on attributes of the image that should be irrelevant for their correct classification.
We introduce AGNES, a tool to detect backdoors in DNNs for image recognition.
- Score: 0.6827423171182154
- License: http://creativecommons.org/licenses/by-nc-nd/4.0/
- Abstract: Deep Neural Networks (DNNs) are becoming widespread, particularly in safety-critical areas. One prominent application is image recognition in autonomous driving, where the correct classification of objects such as traffic signs is essential for safe driving. Unfortunately, DNNs are prone to backdoors, meaning that they concentrate on attributes of the image that should be irrelevant for its correct classification. Backdoors are integrated into a DNN during training, either with malicious intent (such as a manipulated training process, because of which a yellow sticker always leads to a traffic sign being recognised as a stop sign) or unintentionally (such as a rural background leading to any traffic sign being recognised as an animal-crossing sign, because of biased training data).
In this paper, we introduce AGNES, a tool to detect backdoors in DNNs for image recognition. We discuss the principal approach on which AGNES is based. Afterwards, we show that our tool performs better than many state-of-the-art methods on multiple relevant case studies.
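As an added worked example (constructed for this page, not code from the AGNES paper or its authors), the pure-Python script below reproduces the malicious scenario from the abstract at toy scale. A dirty-label poisoning attack stamps a bright "sticker" patch into the corner of a few class-0 training images and relabels them as class 1; a linear classifier trained on the poisoned set then classifies any stickered image as class 1 while its accuracy on clean images stays intact; and an occlusion check shows that blanking the sticker, but not an innocent patch of the same size, flips the decision back, i.e. the model is keying on an attribute that is irrelevant to the true class. The 6x6 images, the centre-patch class rule, the trigger position, the 10% poisoning rate, the logistic-regression model and the random seed are all assumptions made for the demonstration.

```python
"""Dirty-label data-poisoning backdoor on a tiny linear image classifier.
Constructed example, not code from the AGNES paper: 6x6 grey-scale images whose
true class depends only on the centre 2x2 patch (bright = 1, dark = 0). The
attacker stamps a bright 3x3 "sticker" into the top-left corner of a few
class-0 training images and relabels them as class 1."""
import math
import random

SIDE = 6
N_PIX = SIDE * SIDE
CENTRE = [21, 22, 27, 28]                   # rows 3-4, cols 3-4 (row-major index)
TRIGGER = [0, 1, 2, 6, 7, 8, 12, 13, 14]    # rows 0-2, cols 0-2: the sticker
CONTROL = [3, 4, 5, 9, 10, 11, 15, 16, 17]  # rows 0-2, cols 3-5: innocent patch
BACKGROUND = [i for i in range(N_PIX) if i not in CENTRE + TRIGGER]

def make_clean_image(rng, label):
    """Background pixels in [0, 0.5]; centre in [0.6, 1.0] for class 1, [0, 0.4] for class 0."""
    img = [rng.uniform(0.0, 0.5) for _ in range(N_PIX)]
    lo, hi = (0.6, 1.0) if label == 1 else (0.0, 0.4)
    for i in CENTRE:
        img[i] = rng.uniform(lo, hi)
    return img

def set_patch(img, patch, value):
    """Copy of img with the given pixels set to value (1.0 = stamp, 0.0 = blank out)."""
    out = list(img)
    for i in patch:
        out[i] = value
    return out

def make_dataset(rng, n, poison_fraction=0.0, target=1):
    """Balanced clean set; the first n*poison_fraction class-0 images get the
    trigger stamped on and their label flipped to `target`."""
    data = [(make_clean_image(rng, k % 2), k % 2) for k in range(n)]
    budget = int(n * poison_fraction)
    for idx, (img, label) in enumerate(data):
        if budget == 0:
            break
        if label == 0:
            data[idx] = (set_patch(img, TRIGGER, 1.0), target)
            budget -= 1
    return data

def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z)) if z >= 0 else math.exp(z) / (1.0 + math.exp(z))

def train_logreg(data, epochs=300, lr=1.0):
    """Full-batch gradient descent on the logistic loss over mean-centred pixels.
    Returns (weights, bias, per-pixel training means)."""
    n = len(data)
    mu = [sum(x[i] for x, _ in data) / n for i in range(N_PIX)]
    xs = [[xi - mi for xi, mi in zip(x, mu)] for x, _ in data]
    ys = [y for _, y in data]
    w, b = [0.0] * N_PIX, 0.0
    for _ in range(epochs):
        gw, gb = [0.0] * N_PIX, 0.0
        for x, y in zip(xs, ys):
            err = sigmoid(sum(wi * xi for wi, xi in zip(w, x)) + b) - y
            gb += err
            for i, xi in enumerate(x):
                gw[i] += err * xi
        w = [wi - lr * g / n for wi, g in zip(w, gw)]
        b -= lr * gb / n
    return w, b, mu

def predict(model, img):
    w, b, mu = model
    return 1 if sum(wi * (xi - mi) for wi, xi, mi in zip(w, img, mu)) + b > 0 else 0

def evaluate(model, test):
    """Returns (clean accuracy, attack success rate, flip rate when the trigger
    patch is blanked, flip rate when the innocent control patch is blanked).
    Attack success = clean class-0 test images classified 1 once stamped."""
    acc = sum(predict(model, x) == y for x, y in test) / len(test)
    stamped = [set_patch(x, TRIGGER, 1.0) for x, y in test if y == 0]
    hits = [x for x in stamped if predict(model, x) == 1]
    flip = lambda patch: sum(predict(model, set_patch(x, patch, 0.0)) == 0 for x in hits) / max(1, len(hits))
    return acc, len(hits) / len(stamped), flip(TRIGGER), flip(CONTROL)

def weight_summary(model):
    """Mean weight on the trigger patch, on the centre patch, and largest |weight| elsewhere."""
    w = model[0]
    mean = lambda idx: sum(w[i] for i in idx) / len(idx)
    return mean(TRIGGER), mean(CENTRE), max(abs(w[i]) for i in BACKGROUND)

def run_experiment(seed=7, n_train=400, n_test=200, poison_fraction=0.1):
    rng = random.Random(seed)
    train = make_dataset(rng, n_train, poison_fraction)
    test = make_dataset(rng, n_test)  # clean, never poisoned
    model = train_logreg(train)
    return evaluate(model, test), weight_summary(model)

if __name__ == "__main__":
    (acc, asr, flip_trig, flip_ctrl), (w_trig, w_centre, w_other) = run_experiment()
    print(f"clean accuracy {acc:.3f}   attack success rate {asr:.3f}")
    print(f"flipped back by blanking trigger {flip_trig:.2f}, control patch {flip_ctrl:.2f}")
    print(f"mean weight: trigger {w_trig:.2f}  centre {w_centre:.2f}  max |elsewhere| {w_other:.2f}")
```

Run it as a script. The signature to look for is high clean accuracy together with a high attack success rate: the backdoor costs nothing on clean inputs, which is why it is invisible to ordinary validation. The occlusion comparison is the smallest possible version of the question every backdoor detector has to answer, namely which input region the decision actually depends on; here the weight vector makes it explicit (large weights on the trigger pixels), whereas in a deep network that information has to be recovered indirectly, for instance from saliency heatmaps or abstraction of the network's behaviour.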
Related papers
- Explainable and Trustworthy Traffic Sign Detection for Safe Autonomous Driving: An Inductive Logic Programming Approach (2023-08-30)
  We propose an ILP-based approach for stop sign detection in Autonomous Vehicles. It is more robust against adversarial attacks, as it mimics human-like perception. It is able to correctly identify all targeted stop signs, even in the presence of PR2 and AdvCam attacks.
- Backdoor Mitigation in Deep Neural Networks via Strategic Retraining (2022-12-14)
  Deep Neural Networks (DNN) are becoming increasingly important in assisted and automated driving. One particular problem is that they are prone to hidden backdoors. In this paper, we introduce a novel method to remove backdoors.
- Efficient Federated Learning with Spike Neural Networks for Traffic Sign Recognition (2022-05-28)
  We introduce powerful Spike Neural Networks (SNNs) into traffic sign recognition for energy-efficient and fast model training. Numerical results indicate that the proposed federated SNN outperforms traditional federated convolutional neural networks in terms of accuracy, noise immunity, and energy efficiency as well.
- Black-box Safety Analysis and Retraining of DNNs based on Feature Extraction and Clustering (2022-01-13)
  We propose SAFE, a black-box approach to automatically characterize the root causes of DNN errors. It relies on a transfer learning model pre-trained on ImageNet to extract the features from error-inducing images. It then applies a density-based clustering algorithm to detect arbitrarily shaped clusters of images modeling plausible causes of error.
- Background Adaptive Faster R-CNN for Semi-Supervised Convolutional Object Detection of Threats in X-Ray Images (2020-10-02)
  We present a semi-supervised approach for threat recognition which we call Background Adaptive Faster R-CNN. This approach is a training method for two-stage object detectors which uses Domain Adaptation methods from the field of deep learning. Two domain discriminators, one for discriminating object proposals and one for image features, are adversarially trained to prevent encoding domain-specific information. This can reduce threat detection false alarm rates by matching the statistics of extracted features from hand-collected backgrounds to real world data.
- Noise-Response Analysis of Deep Neural Networks Quantifies Robustness and Fingerprints Structural Malware (2020-07-31)
  Deep neural networks (DNNs) can have 'structural malware' (i.e., compromised weights and activation pathways). It is generally difficult to detect backdoors, and existing detection methods are computationally expensive and require extensive resources (e.g., access to the training data). Here, we propose a rapid feature-generation technique that quantifies the robustness of a DNN, 'fingerprints' its nonlinearity, and allows us to detect backdoors (if present). Our empirical results demonstrate that we can accurately detect backdoors with high confidence orders-of-magnitude faster than existing approaches (seconds versus
- TopoAL: An Adversarial Learning Approach for Topology-Aware Road Segmentation (2020-07-17)
  We introduce an Adversarial Learning (AL) strategy tailored for our purposes. We use a more sophisticated discriminator that returns a label pyramid describing what portions of the road network are correct. We will show that it outperforms state-of-the-art ones on the challenging RoadTracer dataset.
- Boosting Deep Neural Networks with Geometrical Prior Knowledge: A Survey (2020-06-30)
  Deep Neural Networks (DNNs) achieve state-of-the-art results in many different problem settings. DNNs are often treated as black box systems, which complicates their evaluation and validation. One promising field, inspired by the success of convolutional neural networks (CNNs) in computer vision tasks, is to incorporate knowledge about symmetric geometrical transformations.
- Defending against Backdoor Attack on Deep Neural Networks (2020-02-26)
  We study the so-called backdoor attack, which injects a backdoor trigger into a small portion of the training data. Experiments show that our method can effectively decrease the attack success rate while keeping a high classification accuracy for clean images.
- Supporting DNN Safety Analysis and Retraining through Heatmap-based Unsupervised Learning (2020-02-03)
  We propose HUDD, an approach that automatically supports the identification of root causes for DNN errors. HUDD identifies root causes by applying a clustering algorithm to heatmaps capturing the relevance of every DNN neuron on the outcome. Also, HUDD retrains DNNs with images that are automatically selected based on their relatedness to the identified image clusters.