Publication Type

Conference Proceeding Article

Version

publishedVersion

Publication Date

8-2022

Abstract

Neural networks have achieved state-of-the-art performance in solving many problems, including many applications in safety/security-critical systems. Researchers also discovered multiple security issues associated with neural networks. One of them is backdoor attacks, i.e., a neural network may be embedded with a backdoor such that a target output is almost always generated in the presence of a trigger. Existing defense approaches mostly focus on detecting whether a neural network is ‘backdoored’ based on heuristics, e.g., activation patterns. To the best of our knowledge, the only line of work which certifies the absence of backdoor is based on randomized smoothing, which is known to significantly reduce neural network performance. In this work, we propose an approach to verify whether a given neural network is free of backdoor with a certain level of success rate. Our approach integrates statistical sampling as well as abstract interpretation. The experiment results show that our approach effectively verifies the absence of backdoor or generates backdoor triggers.

Discipline

Information Security

Research Areas

Cybersecurity

Publication

Computer Aided Verification: 34th International Conference, CAV 2022, Haifa, Israel, August 7-10: Proceedings

Volume

13371

First Page

171

Last Page

192

ISBN

9783031131851

Identifier

10.1007/978-3-031-13185-1_9

Publisher

Springer

City or Country

Cham

Additional URL

https://doi.org/10.1007/978-3-031-13185-1_9

Share

COinS