Backdoor suppression in neural networks using input fuzzing and majority voting

Esha Sarkar; Yousif Alkindi; Michail Maniatakos

doi:10.1109/MDAT.2020.2968275

Backdoor suppression in neural networks using input fuzzing and majority voting

Esha Sarkar, Yousif Alkindi, Michail Maniatakos

Research output: Contribution to journal › Article › peer-review

Abstract

While inference is needed at the edge, training is typically done at the cloud. Therefore, data necessary for training a model, as well as the trained model, have to be transmitted back and forth between the edge and the cloud training infrastructure. This creates significant security issues, including the inclusion of a backdoor sent to the user without the user's knowledge. This article presents an approach where a trained model can still operate as expected, irrespective of the presence of such a backdoor. - Theocharis Theocharides, University of Cyprus - Muhammad Shafique, Technische Universität Wien.

Original language	English (US)
Article number	8963957
Pages (from-to)	103-110
Number of pages	8
Journal	IEEE Design and Test
Volume	37
Issue number	2
DOIs	https://doi.org/10.1109/MDAT.2020.2968275
State	Published - Apr 2020

Keywords

Defense against model backdooring
Poisoning attacks
attacks on DNNs
backdoor suppression

ASJC Scopus subject areas

Software
Hardware and Architecture
Electrical and Electronic Engineering

Access to Document

10.1109/MDAT.2020.2968275

Cite this

@article{a6e58037197a4a21a33c5fd6b02dc676,

title = "Backdoor suppression in neural networks using input fuzzing and majority voting",

abstract = "While inference is needed at the edge, training is typically done at the cloud. Therefore, data necessary for training a model, as well as the trained model, have to be transmitted back and forth between the edge and the cloud training infrastructure. This creates significant security issues, including the inclusion of a backdoor sent to the user without the user's knowledge. This article presents an approach where a trained model can still operate as expected, irrespective of the presence of such a backdoor. - Theocharis Theocharides, University of Cyprus - Muhammad Shafique, Technische Universit{\"a}t Wien.",

keywords = "Defense against model backdooring, Poisoning attacks, attacks on DNNs, backdoor suppression",

author = "Esha Sarkar and Yousif Alkindi and Michail Maniatakos",

note = "Publisher Copyright: {\textcopyright} 2013 IEEE.",

year = "2020",

month = apr,

doi = "10.1109/MDAT.2020.2968275",

language = "English (US)",

volume = "37",

pages = "103--110",

journal = "IEEE Design and Test",

issn = "2168-2356",

publisher = "IEEE Computer Society",

number = "2",

}

TY - JOUR

T1 - Backdoor suppression in neural networks using input fuzzing and majority voting

AU - Sarkar, Esha

AU - Alkindi, Yousif

AU - Maniatakos, Michail

PY - 2020/4

Y1 - 2020/4

N2 - While inference is needed at the edge, training is typically done at the cloud. Therefore, data necessary for training a model, as well as the trained model, have to be transmitted back and forth between the edge and the cloud training infrastructure. This creates significant security issues, including the inclusion of a backdoor sent to the user without the user's knowledge. This article presents an approach where a trained model can still operate as expected, irrespective of the presence of such a backdoor. - Theocharis Theocharides, University of Cyprus - Muhammad Shafique, Technische Universität Wien.

AB - While inference is needed at the edge, training is typically done at the cloud. Therefore, data necessary for training a model, as well as the trained model, have to be transmitted back and forth between the edge and the cloud training infrastructure. This creates significant security issues, including the inclusion of a backdoor sent to the user without the user's knowledge. This article presents an approach where a trained model can still operate as expected, irrespective of the presence of such a backdoor. - Theocharis Theocharides, University of Cyprus - Muhammad Shafique, Technische Universität Wien.

KW - Defense against model backdooring

KW - Poisoning attacks

KW - attacks on DNNs

KW - backdoor suppression

UR - http://www.scopus.com/inward/record.url?scp=85078156551&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85078156551&partnerID=8YFLogxK

U2 - 10.1109/MDAT.2020.2968275

DO - 10.1109/MDAT.2020.2968275

M3 - Article

AN - SCOPUS:85078156551

SN - 2168-2356

VL - 37

SP - 103

EP - 110

JO - IEEE Design and Test

JF - IEEE Design and Test

IS - 2

M1 - 8963957

ER -

Backdoor suppression in neural networks using input fuzzing and majority voting

Abstract

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this