Dynamic Backdoors with Global Average Pooling

Research output: Chapter in Book/Conference proceedings/Edited volumeConference contributionScientificpeer-review

4 Citations (Scopus)
41 Downloads (Pure)

Abstract

Outsourced training and machine learning as a service have resulted in novel attack vectors like backdoor attacks. Such attacks embed a secret functionality in a neural network activated when the trigger is added to its input. In most works in the literature, the trigger is static, both in terms of location and pattern. The effectiveness of various detection mechanisms depends on this property. It was recently shown that countermeasures in image classification, like Neural Cleanse and ABS, could be bypassed with dynamic triggers that are effective regardless of their pattern and location. Still, such backdoors are demanding as they require a large percentage of poisoned training data. In this work, we are the first to show that dynamic backdoor attacks could happen due to a global average pooling layer without increasing the percentage of the poisoned training data. Nevertheless, our experiments in sound classification, text sentiment analysis, and image classification show this to be very difficult in practice.
Original languageEnglish
Title of host publicationProceedings of the 2022 IEEE 4th International Conference on Artificial Intelligence Circuits and Systems (AICAS)
Place of PublicationDanvers
PublisherIEEE
Pages320-323
Number of pages4
ISBN (Electronic)978-1-6654-0996-4
ISBN (Print)978-1-6654-0997-1
DOIs
Publication statusPublished - 2022
Event2022 IEEE 4th International Conference on Artificial Intelligence Circuits and Systems - Incheon, Korea, Republic of
Duration: 13 Jun 202215 Jun 2022
Conference number: 4th

Publication series

NameProceeding - IEEE International Conference on Artificial Intelligence Circuits and Systems, AICAS 2022

Conference

Conference2022 IEEE 4th International Conference on Artificial Intelligence Circuits and Systems
Abbreviated titleAICAS 2022
Country/TerritoryKorea, Republic of
CityIncheon
Period13/06/2215/06/22

Bibliographical note

Green Open Access added to TU Delft Institutional Repository 'You share, we take care!' - Taverne project https://www.openaccess.nl/en/you-share-we-take-care

Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public.

Fingerprint

Dive into the research topics of 'Dynamic Backdoors with Global Average Pooling'. Together they form a unique fingerprint.

Cite this