Netinfo Security ›› 2021, Vol. 21 ›› Issue (5): 82-89.doi: 10.3969/j.issn.1671-1122.2021.05.010

Previous Articles     Next Articles

An Improved Method of Backdoor Attack in DNN

REN Shixuan, WANG Maoyu, ZHAO Hui()   

  1. School of Cyber Science and Engineering, Sichuan University, Chengdu 610065, China
  • Received:2020-12-28 Online:2021-05-10 Published:2021-06-22
  • Contact: ZHAO Hui E-mail:303031725@qq.com

Abstract:

Trigger generation network is the key algorithm of backdoor attack in deep neural network. The existing trigger generation networks have the two main problems: First, the candidate dataset of trigger uses static manual selection, and doesn’t consider the sensitivity of candidate dataset. Therefore, it has redundant data. Second, the trigger generation network only considers how to activate the target neuron, and does not consider the anti-detection problem of the generated triggers. Aiming at the problem of redundancy of candidate data sets, this paper uses sensitivity analysis methods to select data sets that are more sensitive to the target neuron to reduce redundant data. In the face of the existing trigger detection methods, the improved trigger generation network can ensure the accuracy of the attack, by designing the clustering result and randomization confusion as a comprehensive punishment method, the generated trigger can bypass the detection. Experimental results show that the trigger generated by this method can maintain a high attack accuracy rate. The results also show a low attack detection rate in the cluster detection method and a high attack rejection rate in the STRIP perturbation detection method.

Key words: backdoor attack in deep neural network, trigger generation network, targe tneuron, trigger

CLC Number: