An Embarrassingly Simple Approach for Trojan Attack in Deep Neural Networks

Authors: Ninghao Liu, Xia Hu, Mengnan Du, Fan Yang, Ruixiang Tang

Abstract: With the widespread use of deep neural networks (DNNs) in high-stake applications, the security problem of DNN models has received extensive attention. In this paper, we investigate a specific security problem called trojan attack, which aims to attack deployed DNN systems relying on hidden trigger patterns inserted by malicious hackers. We propose a training-free attack approach, which is different from previous work, in which trojaned behaviors are injected by retraining the model on a poisoned dataset. Specifically, we do not change the parameters in the original model but insert a tiny trojan module (TrojanNet) into the target model. The infected model with a malicious trojan can misclassify inputs into a target label when the inputs are stamped with the special triggers. The proposed TrojanNet has several nice properties, including (1) it is activated by tiny trigger patterns and keeps silent for other signals, (2) it is model-agnostic and could be injected into most DNNs, dramatically expanding its attack scenarios, and (3) the training-free mechanism saves massive training efforts compared to conventional trojan attack methods. The experimental results show that TrojanNet can inject the trojan into all labels simultaneously (all-label trojan attack) and achieves a 100% attack success rate without affecting model accuracy on the original tasks. Experimental analysis further demonstrates that state-of-the-art trojan detection algorithms fail to detect the TrojanNet attack. The code is available at https URL.
