Publication Type
Conference Proceeding Article
Version
publishedVersion
Publication Date
8-2022
Abstract
Neural networks have achieved state-of-the-art performance in solving many problems, including many applications in safety- and security-critical systems. Researchers have also discovered multiple security issues associated with neural networks. One of them is the backdoor attack, i.e., a neural network may be embedded with a backdoor such that a target output is almost always generated in the presence of a trigger. Existing defense approaches mostly focus on detecting whether a neural network is ‘backdoored’ based on heuristics, e.g., activation patterns. To the best of our knowledge, the only line of work that certifies the absence of backdoors is based on randomized smoothing, which is known to significantly reduce neural network performance. In this work, we propose an approach to verify whether a given neural network is free of backdoors with a certain level of success rate. Our approach integrates statistical sampling and abstract interpretation. The experimental results show that our approach effectively verifies the absence of backdoors or generates backdoor triggers.
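As a rough illustration of the statistical-sampling half of the idea only (the abstract-interpretation component, which reasons about all admissible triggers at once, is not shown), the Python sketch below estimates the attack success rate of one fixed candidate trigger on sampled clean inputs and pairs it with a one-sided Hoeffding confidence margin. This is not the paper's algorithm; model, clean_inputs, trigger_mask, trigger_value, and target_label are hypothetical placeholders.

    # Illustrative sketch, not the authors' method: sample-based estimation
    # of how often a fixed trigger forces the attacker's target label.
    import numpy as np

    def estimated_attack_success_rate(model, clean_inputs, trigger_mask,
                                      trigger_value, target_label):
        """Fraction of sampled clean inputs that the candidate trigger
        flips to the target label. `model` is assumed to map a batch of
        inputs to predicted labels."""
        # Stamp the trigger onto each clean input where the mask is set.
        stamped = np.where(trigger_mask, trigger_value, clean_inputs)
        preds = model(stamped)
        return float(np.mean(preds == target_label))

    def hoeffding_margin(n_samples, confidence=0.99):
        """One-sided Hoeffding bound: with probability >= `confidence`,
        the true success rate exceeds the estimate by at most this margin."""
        return float(np.sqrt(np.log(1.0 / (1.0 - confidence))
                             / (2.0 * n_samples)))

Under these assumptions, if estimated_attack_success_rate(...) plus hoeffding_margin(n) stays below a target success-rate threshold, that particular trigger is statistically certified not to reach the threshold at the chosen confidence level; covering every possible trigger is what requires the abstract-interpretation machinery described in the paper.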
Discipline
Information Security
Research Areas
Cybersecurity
Publication
Computer Aided Verification: 34th International Conference, CAV 2022, Haifa, Israel, August 7-10, 2022, Proceedings
Volume
13371
First Page
171
Last Page
192
ISBN
9783031131851
Identifier
10.1007/978-3-031-13185-1_9
Publisher
Springer
City or Country
Cham
Citation
PHAM, Long Hong and SUN, Jun.
Verifying neural networks against backdoor attacks. (2022). Computer Aided Verification: 34th International Conference, CAV 2022, Haifa, Israel, August 7-10, 2022, Proceedings. 13371, 171-192.
Available at: https://ink.library.smu.edu.sg/sis_research/7279
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Additional URL
https://doi.org/10.1007/978-3-031-13185-1_9