Deakin University
File(s) under embargo

Robust Backdoor Detection for Deep Learning via Topological Evolution Dynamics

conference contribution
posted on 2024-09-24, 04:30 authored by X Mo, Y Zhang, LY Zhang, Wei Luo, N Sun, S Hu, Shang Gao, Y Xiang
A backdoor attack in deep learning inserts a hidden backdoor in the model to trigger malicious behavior upon specific input patterns. Existing detection approaches assume a metric space (for either the original inputs or their latent representations) in which normal samples and malicious samples are separable. We show that this assumption has a severe limitation by introducing a novel SSDT (Source-Specific and Dynamic-Triggers) backdoor, which obscures the difference between normal samples and malicious samples.

To overcome this limitation, we move beyond looking for a perfect metric space that would work for different deep-learning models, and instead resort to more robust topological constructs. We propose TED (Topological Evolution Dynamics) as a model-agnostic basis for robust backdoor detection. The main idea of TED is to view a deep-learning model as a dynamical system that evolves inputs to outputs. In such a dynamical system, a benign input follows a natural evolution trajectory similar to other benign inputs. In contrast, a malicious sample displays a distinct trajectory, since it starts close to benign samples but eventually shifts towards the neighborhood of attacker-specified target samples to activate the backdoor.

Extensive evaluations are conducted on vision and natural language datasets across different network architectures. The results demonstrate that TED not only achieves a high detection rate, but also significantly outperforms existing state-of-the-art detection approaches, particularly in addressing the sophisticated SSDT attack. The code to reproduce the results is made public on GitHub.

History

Volume

4

Pagination

2048-2066

Location

San Francisco, CA.

Open access

  • No

Start date

2024-05-19

End date

2024-05-23

ISSN

1081-6011

ISBN-13

979-8-3503-3130-1

Language

eng

Publication classification

E1 Full written paper - refereed

Title of proceedings

Proceedings of the IEEE Symposium on Security and Privacy 2024

Event

IEEE Security and Privacy. Conference (2024 : San Francisco, CA.)

Publisher

IEEE

Place of publication

Piscataway, NJ.
