Strip

Gao, Yansong; Xu, Change; Wang, Derui; Chen, Jinjun; Ranasinghe, Damith C.; Nepal, Surya

doi:10.1145/3359789.3359790

Cited by 344 publications

(11 citation statements)

References 33 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Based on this requirement, we determinedε by computing the initial logit and then setting a satisfying logit threshold. By forward propagation on the original network, we computed the logit of the random sample X 0 to be Z [4] = −4.8510. In this experiment, we setε = 1, which models a tweaked logit Z [4] ≥ −3.8510.…”

Section: Configuring the Parameter Spacementioning

confidence: 99%

“…By forward propagation on the original network, we computed the logit of the random sample X 0 to be Z [4] = −4.8510. In this experiment, we setε = 1, which models a tweaked logit Z [4] ≥ −3.8510. The corresponding modeled sensitivity under this setting is β ≥ 0.0131, which satisfies the detection threshold.…”

Section: Configuring the Parameter Spacementioning

confidence: 99%

“…The approach is designed specifically for backdoor-style attacks relying on a trigger. Other methods perform statistical analyses, e.g., determining the probability distribution of potential triggers [3] or of prediction results under perturbations [4]. Such analyses may not be realistic in a cloud environment.…”

Section: Related Workmentioning

confidence: 99%

See 2 more Smart Citations

Sensitive Samples Revisited: Detecting Neural Network Attacks Using Constraint Solvers

Docena

Wahl

Pearce

et al. 2021

Electron. Proc. Theor. Comput. Sci.

View full text Add to dashboard Cite

Neural Networks are used today in numerous security-and safety-relevant domains and are, as such, a popular target of attacks that subvert their classification capabilities, by manipulating the network parameters. Prior work has introduced sensitive samples-inputs highly sensitive to parameter changes-to detect such manipulations, and proposed a gradient ascent-based approach to compute them. In this paper we offer an alternative, using symbolic constraint solvers. We model the network and a formal specification of a sensitive sample in the language of the solver and ask for a solution. This approach supports a rich class of queries, corresponding, for instance, to the presence of certain types of attacks. Unlike earlier techniques, our approach does not depend on convex search domains, or on the suitability of a starting point for the search. We address the performance limitations of constraint solvers by partitioning the search space for the solver, and exploring the partitions according to a balanced schedule that still retains completeness of the search. We demonstrate the impact of the use of solvers in terms of functionality and search efficiency, using a case study for the detection of Trojan attacks on Neural Networks.

show abstract

Section: Configuring the Parameter Spacementioning

confidence: 99%

Section: Configuring the Parameter Spacementioning

confidence: 99%

See 1 more Smart Citation

Sensitive Samples Revisited: Detecting Neural Network Attacks Using Constraint Solvers

Docena

Wahl

Pearce

et al. 2021

Electron. Proc. Theor. Comput. Sci.

View full text Add to dashboard Cite

show abstract

“…After that, several countermeasures were proposed. Most can be classified as follows: detecting a backdoor model [2,4,10], removing or disabling backdoor neurons from the backdoor model [2,8,12], or removing poison data from a poison training dataset [1]. Liu et al [8] proposed a fine-pruning countermeasure for removing backdoor neurons from a backdoor model.…”

Section: Related Workmentioning

confidence: 99%

“…Countermeasures have been proposed for backdoor attacks. Some have used approaches such as detecting backdoor models [2,4,10], removing or disabling backdoors from backdoor models [2,8,12], and removing poison data from poison training datasets [1].…”

Section: Introductionmentioning

confidence: 99%

Disabling Backdoor and Identifying Poison Data by using Knowledge Distillation in Backdoor Attacks on Deep Neural Networks

Yoshida

Fujino

2020

Proceedings of the 13th ACM Workshop on Artificial Intelligence and Security

View full text Add to dashboard Cite

Backdoor attacks are poisoning attacks and serious threats to deep neural networks. When an adversary mixes poison data into a training dataset, the training dataset is called a poison training dataset. A model trained with the poison training dataset becomes a backdoor model and it achieves high stealthiness and attack-feasibility. The backdoor model classifies only a poison image into an adversarial target class and other images into the correct classes. We propose an additional procedure to our previously proposed countermeasure against backdoor attacks by using knowledge distillation. Our procedure removes poison data from a poison training dataset and recovers the accuracy of the distillation model. Our countermeasure differs from previous ones in that it does not require detecting and identifying backdoor models, backdoor neurons, and poison data. A characteristic assumption in our defense scenario is that the defender can collect clean images without labels. A defender distills clean knowledge from a backdoor model (teacher model) to a distillation model (student model) with knowledge distillation. Subsequently, the defender removes poison-data candidates from the poison training dataset by comparing the predictions of the backdoor and distillation models. The defender fine-tunes the distillation model with the detoxified training dataset to improve classification accuracy. We evaluated our countermeasure by using two datasets. The backdoor is disabled by distillation and fine-tuning further improves the classification accuracy of the distillation model. The fine-tuning model achieved comparable accuracy to a baseline model when the number of clean images for a distillation dataset was more than 13% of the training data. Our results indicate that our countermeasure can be applied for general imageclassification tasks and that it works well whether the defender's received training dataset is a poison dataset or not. CCS CONCEPTS • Computing methodologies → Computer vision; • Security and privacy → Domain-specific security and privacy architectures.

show abstract

Machine learning and blockchain technologies for cybersecurity in connected vehicles

Ahmad,

Zia,

Naqvi

et al. 2023

WIREs Data Min & Knowl

View full text Add to dashboard Cite

Future connected and autonomous vehicles (CAVs) must be secured against cyberattacks for their everyday functions on the road so that safety of passengers and vehicles can be ensured. This article presents a holistic review of cybersecurity attacks on sensors and threats regarding multi‐modal sensor fusion. A comprehensive review of cyberattacks on intra‐vehicle and inter‐vehicle communications is presented afterward. Besides the analysis of conventional cybersecurity threats and countermeasures for CAV systems, a detailed review of modern machine learning, federated learning, and blockchain approach is also conducted to safeguard CAVs. Machine learning and data mining‐aided intrusion detection systems and other countermeasures dealing with these challenges are elaborated at the end of the related section. In the last section, research challenges and future directions are identified.This article is categorized under: Commercial, Legal, and Ethical Issues > Security and Privacy Technologies > Machine Learning Technologies > Internet of Things

show abstract

Strip

Cited by 344 publications

References 33 publications

Sensitive Samples Revisited: Detecting Neural Network Attacks Using Constraint Solvers

Sensitive Samples Revisited: Detecting Neural Network Attacks Using Constraint Solvers

Disabling Backdoor and Identifying Poison Data by using Knowledge Distillation in Backdoor Attacks on Deep Neural Networks

Machine learning and blockchain technologies for cybersecurity in connected vehicles

Contact Info

Product

Resources

About