English
Related papers

Related papers: Partial train and isolate, mitigate backdoor attac…

200 papers

Practitioners commonly download pretrained machine learning models from open repositories and finetune them to fit specific applications. We show that this practice introduces a new risk of privacy backdoors. By tampering with a pretrained…

Cryptography and Security · Computer Science 2024-04-02 Shanglun Feng , Florian Tramèr

DNNs' demand for massive data forces practitioners to collect data from the Internet without careful check due to the unacceptable cost, which brings potential risks of backdoor attacks. A backdoored model always predicts a target class in…

Machine Learning · Computer Science 2022-02-23 Yinghua Gao , Dongxian Wu , Jingfeng Zhang , Guanhao Gan , Shu-Tao Xia , Gang Niu , Masashi Sugiyama

Deep neural networks (DNNs) are vulnerable to "backdoor" poisoning attacks, in which an adversary implants a secret trigger into an otherwise normally functioning model. Detection of backdoors in trained models without access to the…

Machine Learning · Computer Science 2021-03-19 Todd Huster , Emmanuel Ekwedike

Recent studies have revealed that deep neural networks (DNNs) are vulnerable to backdoor attacks, where attackers embed hidden backdoors in the DNN model by poisoning a few training samples. The attacked model behaves normally on benign…

Cryptography and Security · Computer Science 2022-02-09 Kunzhe Huang , Yiming Li , Baoyuan Wu , Zhan Qin , Kui Ren

Neural networks are vulnerable to backdoor poisoning attacks, where the attackers maliciously poison the training set and insert triggers into the test input to change the prediction of the victim model. Existing defenses for backdoor…

Cryptography and Security · Computer Science 2024-05-21 Yuhao Zhang , Aws Albarghouthi , Loris D'Antoni

Machine learning is vulnerable to adversarial manipulation. Previous literature has demonstrated that at the training stage attackers can manipulate data and data sampling procedures to control model behaviour. A common attack goal is to…

Machine Learning · Computer Science 2022-06-17 Mikel Bober-Irizar , Ilia Shumailov , Yiren Zhao , Robert Mullins , Nicolas Papernot

Deep learning models have consistently outperformed traditional machine learning models in various classification tasks, including image classification. As such, they have become increasingly prevalent in many real world applications…

Cryptography and Security · Computer Science 2018-08-31 Cong Liao , Haoti Zhong , Anna Squicciarini , Sencun Zhu , David Miller

Backdoor data poisoning is an emerging form of adversarial attack usually against deep neural network image classifiers. The attacker poisons the training set with a relatively small set of images from one (or several) source class(es),…

Machine Learning · Computer Science 2020-10-16 Zhen Xiang , David J. Miller , George Kesidis

Large pre-trained models have achieved notable success across a range of downstream tasks. However, recent research shows that a type of adversarial attack ($\textit{i.e.,}$ backdoor attack) can manipulate the behavior of machine learning…

Artificial Intelligence · Computer Science 2024-10-29 Dongliang Guo , Mengxuan Hu , Zihan Guan , Junfeng Guo , Thomas Hartvigsen , Sheng Li

Deep learning models have achieved high performance on many tasks, and thus have been applied to many security-critical scenarios. For example, deep learning-based face recognition systems have been used to authenticate users to access many…

Cryptography and Security · Computer Science 2017-12-18 Xinyun Chen , Chang Liu , Bo Li , Kimberly Lu , Dawn Song

Modern NLP models are often trained on public datasets drawn from diverse sources, rendering them vulnerable to data poisoning attacks. These attacks can manipulate the model's behavior in ways engineered by the attacker. One such tactic…

Computation and Language · Computer Science 2024-05-21 Xuanli He , Qiongkai Xu , Jun Wang , Benjamin I. P. Rubinstein , Trevor Cohn

Data-poisoning backdoor attacks are serious security threats to machine learning models, where an adversary can manipulate the training dataset to inject backdoors into models. In this paper, we focus on in-training backdoor defense, aiming…

Cryptography and Security · Computer Science 2024-10-16 Shaokui Wei , Hongyuan Zha , Baoyuan Wu

Pre-trained general-purpose language models have been a dominating component in enabling real-world natural language processing (NLP) applications. However, a pre-trained model with backdoor can be a severe threat to the applications. Most…

Computation and Language · Computer Science 2021-11-02 Lujia Shen , Shouling Ji , Xuhong Zhang , Jinfeng Li , Jing Chen , Jie Shi , Chengfang Fang , Jianwei Yin , Ting Wang

It is commonplace to produce application-specific models by fine-tuning large pre-trained models using a small bespoke dataset. The widespread availability of foundation model checkpoints on the web poses considerable risks, including the…

Cryptography and Security · Computer Science 2024-04-02 Yuxin Wen , Leo Marchyok , Sanghyun Hong , Jonas Geiping , Tom Goldstein , Nicholas Carlini

Although deep neural networks (DNNs) have made rapid progress in recent years, they are vulnerable in adversarial environments. A malicious backdoor could be embedded in a model by poisoning the training dataset, whose intention is to make…

Cryptography and Security · Computer Science 2021-03-25 Yinpeng Dong , Xiao Yang , Zhijie Deng , Tianyu Pang , Zihao Xiao , Hang Su , Jun Zhu

Backdoor attacks change a small portion of training data by introducing hand-crafted triggers and rewiring the corresponding labels towards a desired target class. Training on such data injects a backdoor which causes malicious inference in…

Machine Learning · Computer Science 2024-09-05 Ivan Sabolić , Ivan Grubišić , Siniša Šegvić

In a backdoor attack, an adversary inserts maliciously constructed backdoor examples into a training set to make the resulting model vulnerable to manipulation. Defending against such attacks typically involves viewing these inserted…

Cryptography and Security · Computer Science 2023-07-20 Alaa Khaddaj , Guillaume Leclerc , Aleksandar Makelov , Kristian Georgiev , Hadi Salman , Andrew Ilyas , Aleksander Madry

Federated learning allows multiple users to collaboratively train a shared classification model while preserving data privacy. This approach, where model updates are aggregated by a central server, was shown to be vulnerable to poisoning…

Machine Learning · Computer Science 2020-12-17 Chien-Lun Chen , Leana Golubchik , Marco Paolieri

Recently, advanced NLP models have seen a surge in the usage of various applications. This raises the security threats of the released models. In addition to the clean models' unintentional weaknesses, {\em i.e.,} adversarial attacks, the…

Computation and Language · Computer Science 2021-01-18 Lichao Sun

Machine learning systems are vulnerable to backdoor attacks, where attackers manipulate model behavior through data tampering or architectural modifications. Traditional backdoor attacks involve injecting malicious samples with specific…

Cryptography and Security · Computer Science 2025-09-24 Yuan Ma , Jiankang Wei , Yilun Lyu , Kehao Chen , Jingtong Huang