TY - GEN
T1 - Optimal Smoothing Distribution Exploration for Backdoor Neutralization in Deep Learning-based Traffic Systems
AU - Wang, Yue
AU - Li, Wenqing
AU - Maniatakos, Michail
AU - Jabari, Saif Eddin
N1 - Publisher Copyright:
© 2024 Australian & New Zealand Control Conference (ANZCC).
PY - 2024
Y1 - 2024
N2 - Deep Reinforcement Learning (DRL) enhances the efficiency of Autonomous Vehicles (AV), but also makes them susceptible to backdoor attacks that can result in traffic congestion or collisions. Backdoor functionality is typically incorporated by contaminating training datasets with covert malicious data to maintain high precision on genuine inputs while inducing the desired (malicious) outputs for specific inputs chosen by adversaries. Our proposed method adds well-designed noise to the input to neutralize backdoors. The approach involves learning an optimal smoothing (noise) distribution to preserve the normal functionality of genuine inputs while neutralizing backdoors. By doing so, the resulting model is expected to be more resilient against backdoor attacks while maintaining high accuracy on genuine inputs. The effectiveness of the proposed method is verified on a simulated traffic system based on a microscopic traffic simulator, where experimental results showcase that the smoothed traffic controller can neutralize all trigger samples and maintain the performance of relieving traffic congestion.
AB - Deep Reinforcement Learning (DRL) enhances the efficiency of Autonomous Vehicles (AV), but also makes them susceptible to backdoor attacks that can result in traffic congestion or collisions. Backdoor functionality is typically incorporated by contaminating training datasets with covert malicious data to maintain high precision on genuine inputs while inducing the desired (malicious) outputs for specific inputs chosen by adversaries. Our proposed method adds well-designed noise to the input to neutralize backdoors. The approach involves learning an optimal smoothing (noise) distribution to preserve the normal functionality of genuine inputs while neutralizing backdoors. By doing so, the resulting model is expected to be more resilient against backdoor attacks while maintaining high accuracy on genuine inputs. The effectiveness of the proposed method is verified on a simulated traffic system based on a microscopic traffic simulator, where experimental results showcase that the smoothed traffic controller can neutralize all trigger samples and maintain the performance of relieving traffic congestion.
UR - http://www.scopus.com/inward/record.url?scp=85186525955&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85186525955&partnerID=8YFLogxK
U2 - 10.1109/ANZCC59813.2024.10432866
DO - 10.1109/ANZCC59813.2024.10432866
M3 - Conference contribution
AN - SCOPUS:85186525955
T3 - 2024 Australian and New Zealand Control Conference, ANZCC 2024
SP - 115
EP - 120
BT - 2024 Australian and New Zealand Control Conference, ANZCC 2024
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2024 Australian and New Zealand Control Conference, ANZCC 2024
Y2 - 1 February 2024 through 2 February 2024
ER -