This is an overview page with metadata for this scientific paper. The full article is available from the publisher.
Sleeper Agent: Scalable Hidden Trigger Backdoors for Neural Networks Trained from Scratch
Citations: 9
Authors: 5
Year: 2021
Abstract
As the curation of data for machine learning becomes increasingly automated, dataset tampering is a mounting threat. Backdoor attackers tamper with training data to embed a vulnerability in models that are trained on that data. This vulnerability is then activated at inference time by placing a "trigger" into the model's input. Typical backdoor attacks insert the trigger directly into the training data, although the presence of such an attack may be visible upon inspection. In contrast, the Hidden Trigger Backdoor Attack achieves poisoning without placing a trigger into the training data at all. However, this hidden trigger attack is ineffective at poisoning neural networks trained from scratch. We develop a new hidden trigger attack, Sleeper Agent, which employs gradient matching, data selection, and target model re-training during the crafting process. Sleeper Agent is the first hidden trigger backdoor attack to be effective against neural networks trained from scratch. We demonstrate its effectiveness on ImageNet and in black-box settings. Our implementation code can be found at https://github.com/hsouri/Sleeper-Agent.
Related works
Rethinking the Inception Architecture for Computer Vision
2016 · 30,396 citations
MobileNetV2: Inverted Residuals and Linear Bottlenecks
2018 · 24,505 citations
CBAM: Convolutional Block Attention Module
2018 · 21,400 citations
An Image is Worth 16x16 Words: Transformers for Image Recognition at Scale
2020 · 21,334 citations
Delving Deep into Rectifiers: Surpassing Human-Level Performance on ImageNet Classification
2015 · 18,524 citations