Linkbreaker: Breaking the backdoor-trigger link in DNNs via neurons consistency check
Publication Type
Journal Article
Publication Date
1-2022
Abstract
Backdoor attacks cause a model to misbehave by first implanting backdoors in deep neural networks (DNNs) during training and then activating the backdoor via samples with triggers during inference. The compromised models could pose serious security risks to artificial intelligence systems, such as misidentifying a 'stop' traffic sign as '80km/h'. In this paper, we investigate the connection characteristic between the backdoor and the trigger in DNNs and observe that the backdoor is implanted by establishing a link between a cluster of neurons, representing the backdoor, and the triggers. Based on this observation, we design LinkBreaker, a new generic scheme for defending against backdoor attacks. In particular, LinkBreaker deploys a neuron consistency check mechanism to identify the compromised neuron set related to the trigger. LinkBreaker then regulates the model to make predictions based on the benign neuron set only and thus breaks the link between the backdoor and the trigger. Compared to previous defenses, LinkBreaker offers a more general backdoor countermeasure that is effective not only against input-agnostic backdoors but also against source-specific backdoors, the latter of which cannot be defeated by the majority of state-of-the-art defenses. In addition, LinkBreaker is robust against adversarial examples, which, to a large extent, provides a holistic defense against adversarial example attacks on DNNs, whereas almost all current backdoor defenses lack such consideration and capability. Extensive experimental evaluations on real datasets demonstrate that LinkBreaker is highly effective at suppressing trigger inputs while incurring no noticeable accuracy deterioration on benign inputs.
Keywords
Neurons, Training, Predictive models, Data models, Feature extraction, Artificial intelligence, Training data, Backdoor attack, defense, deep learning, AI security
Discipline
Information Security
Research Areas
Information Systems and Management; Cybersecurity
Publication
IEEE Transactions on Information Forensics and Security
Volume
17
First Page
2000
Last Page
2014
ISSN
1556-6013
Identifier
10.1109/TIFS.2022.3175616
Publisher
Institute of Electrical and Electronics Engineers
Citation
CHEN, Zhenzhu; WANG, Shang; FU, Anmin; GAO, Yansong; YU, Shui; and DENG, Robert H.
Linkbreaker: Breaking the backdoor-trigger link in DNNs via neurons consistency check. (2022). IEEE Transactions on Information Forensics and Security. 17, 2000-2014.
Available at: https://ink.library.smu.edu.sg/sis_research/7250
Additional URL
https://doi.org/10.1109/TIFS.2022.3175616