Backdoor suppression in neural networks using input fuzzing and majority voting

Esha Sarkar; Yousif Alkindi; Michail Maniatakos

doi:10.1109/MDAT.2020.2968275

Backdoor suppression in neural networks using input fuzzing and majority voting

Esha Sarkar, Yousif Alkindi, Michail Maniatakos

Research output: Contribution to journal › Article › peer-review

Abstract

While inference is needed at the edge, training is typically done at the cloud. Therefore, data necessary for training a model, as well as the trained model, have to be transmitted back and forth between the edge and the cloud training infrastructure. This creates significant security issues, including the inclusion of a backdoor sent to the user without the user's knowledge. This article presents an approach where a trained model can still operate as expected, irrespective of the presence of such a backdoor. - Theocharis Theocharides, University of Cyprus - Muhammad Shafique, Technische Universität Wien.

Original language	English (US)
Article number	8963957
Pages (from-to)	103-110
Number of pages	8
Journal	IEEE Design and Test
Volume	37
Issue number	2
DOIs	https://doi.org/10.1109/MDAT.2020.2968275
State	Published - Apr 2020

Keywords

Defense against model backdooring
Poisoning attacks
attacks on DNNs
backdoor suppression

ASJC Scopus subject areas

Software
Hardware and Architecture
Electrical and Electronic Engineering

Access to Document

10.1109/MDAT.2020.2968275

Cite this

@article{a6e58037197a4a21a33c5fd6b02dc676,

title = "Backdoor suppression in neural networks using input fuzzing and majority voting",

abstract = "While inference is needed at the edge, training is typically done at the cloud. Therefore, data necessary for training a model, as well as the trained model, have to be transmitted back and forth between the edge and the cloud training infrastructure. This creates significant security issues, including the inclusion of a backdoor sent to the user without the user's knowledge. This article presents an approach where a trained model can still operate as expected, irrespective of the presence of such a backdoor. - Theocharis Theocharides, University of Cyprus - Muhammad Shafique, Technische Universit{\"a}t Wien.",

keywords = "Defense against model backdooring, Poisoning attacks, attacks on DNNs, backdoor suppression",

author = "Esha Sarkar and Yousif Alkindi and Michail Maniatakos",

note = "Funding Information: The work of Esha Sarkar was supported by the New York University (NYU) Abu Dhabi Global PhD Fellowship. The work of Yousif Alkindi was supported by the NYU Abu Dhabi Kawader Research Assistantship Program. Publisher Copyright: {\textcopyright} 2013 IEEE.",

year = "2020",

month = apr,

doi = "10.1109/MDAT.2020.2968275",

language = "English (US)",

volume = "37",

pages = "103--110",

journal = "IEEE Design and Test of Computers",

issn = "2168-2356",

publisher = "IEEE Computer Society",

number = "2",

}

TY - JOUR

T1 - Backdoor suppression in neural networks using input fuzzing and majority voting

AU - Sarkar, Esha

AU - Alkindi, Yousif

AU - Maniatakos, Michail

N1 - Funding Information: The work of Esha Sarkar was supported by the New York University (NYU) Abu Dhabi Global PhD Fellowship. The work of Yousif Alkindi was supported by the NYU Abu Dhabi Kawader Research Assistantship Program. Publisher Copyright: © 2013 IEEE.

PY - 2020/4

Y1 - 2020/4

N2 - While inference is needed at the edge, training is typically done at the cloud. Therefore, data necessary for training a model, as well as the trained model, have to be transmitted back and forth between the edge and the cloud training infrastructure. This creates significant security issues, including the inclusion of a backdoor sent to the user without the user's knowledge. This article presents an approach where a trained model can still operate as expected, irrespective of the presence of such a backdoor. - Theocharis Theocharides, University of Cyprus - Muhammad Shafique, Technische Universität Wien.

AB - While inference is needed at the edge, training is typically done at the cloud. Therefore, data necessary for training a model, as well as the trained model, have to be transmitted back and forth between the edge and the cloud training infrastructure. This creates significant security issues, including the inclusion of a backdoor sent to the user without the user's knowledge. This article presents an approach where a trained model can still operate as expected, irrespective of the presence of such a backdoor. - Theocharis Theocharides, University of Cyprus - Muhammad Shafique, Technische Universität Wien.

KW - Defense against model backdooring

KW - Poisoning attacks

KW - attacks on DNNs

KW - backdoor suppression

UR - http://www.scopus.com/inward/record.url?scp=85078156551&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85078156551&partnerID=8YFLogxK

U2 - 10.1109/MDAT.2020.2968275

DO - 10.1109/MDAT.2020.2968275

M3 - Article

AN - SCOPUS:85078156551

SN - 2168-2356

VL - 37

SP - 103

EP - 110

JO - IEEE Design and Test of Computers

JF - IEEE Design and Test of Computers

IS - 2

M1 - 8963957

ER -

Backdoor suppression in neural networks using input fuzzing and majority voting

Abstract

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this