Hyun KWON
Korea Advanced Institute of Science and Technology, Korea Military Academy
Hyunsoo YOON
Korea Advanced Institute of Science and Technology
Ki-Woong PARK
Sejong University
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Hyun KWON, Hyunsoo YOON, Ki-Woong PARK, "Multi-Targeted Backdoor: Indentifying Backdoor Attack for Multiple Deep Neural Networks" in IEICE TRANSACTIONS on Information and Systems,
vol. E103-D, no. 4, pp. 883-887, April 2020, doi: 10.1587/transinf.2019EDL8170.
Abstract: We propose a multi-targeted backdoor that misleads different models to different classes. The method trains multiple models with data that include specific triggers that will be misclassified by different models into different classes. For example, an attacker can use a single multi-targeted backdoor sample to make model A recognize it as a stop sign, model B as a left-turn sign, model C as a right-turn sign, and model D as a U-turn sign. We used MNIST and Fashion-MNIST as experimental datasets and Tensorflow as a machine learning library. Experimental results show that the proposed method with a trigger can cause misclassification as different classes by different models with a 100% attack success rate on MNIST and Fashion-MNIST while maintaining the 97.18% and 91.1% accuracy, respectively, on data without a trigger.
URL: https://global.ieice.org/en_transactions/information/10.1587/transinf.2019EDL8170/_p
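The poisoning step the abstract describes — one shared trigger stamped into a fraction of each model's training data, with the triggered samples relabeled to that model's own target class — can be sketched as follows. This is a minimal NumPy-only illustration, not the paper's implementation: the trigger pattern (a corner patch), the poison fraction, and all function and model names here are our assumptions for illustration.

```python
import numpy as np

def add_trigger(images, size=3, value=1.0):
    # Stamp a small square trigger patch into the bottom-right corner.
    # (The patch shape/position is an illustrative choice, not the paper's.)
    poisoned = images.copy()
    poisoned[:, -size:, -size:] = value
    return poisoned

def build_poisoned_dataset(x, y, target_label, poison_fraction=0.1, seed=0):
    # Poison a fraction of the training set: triggered samples are
    # relabeled to this model's own target class. Each model is then
    # trained on its own poisoned copy of the data.
    rng = np.random.default_rng(seed)
    n_poison = int(len(x) * poison_fraction)
    idx = rng.choice(len(x), size=n_poison, replace=False)
    x_out, y_out = x.copy(), y.copy()
    x_out[idx] = add_trigger(x[idx])
    y_out[idx] = target_label
    return x_out, y_out

# One shared trigger, but a different target class per model —
# this is what makes the backdoor "multi-targeted".
targets = {"model_A": 0, "model_B": 1, "model_C": 2, "model_D": 3}

# Stand-in data shaped like MNIST (100 grayscale 28x28 images).
x = np.random.rand(100, 28, 28).astype("float32")
y = np.random.randint(0, 10, size=100)

datasets = {name: build_poisoned_dataset(x, y, t) for name, t in targets.items()}
```

At inference time, a single triggered input would then be misclassified by each model into its own target class, while clean inputs are classified normally — matching the stop/left/right/U-turn example in the abstract.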
@ARTICLE{e103-d_4_883,
author={Hyun KWON and Hyunsoo YOON and Ki-Woong PARK},
journal={IEICE TRANSACTIONS on Information and Systems},
title={Multi-Targeted Backdoor: Indentifying Backdoor Attack for Multiple Deep Neural Networks},
year={2020},
volume={E103-D},
number={4},
pages={883-887},
abstract={We propose a multi-targeted backdoor that misleads different models to different classes. The method trains multiple models with data that include specific triggers that will be misclassified by different models into different classes. For example, an attacker can use a single multi-targeted backdoor sample to make model A recognize it as a stop sign, model B as a left-turn sign, model C as a right-turn sign, and model D as a U-turn sign. We used MNIST and Fashion-MNIST as experimental datasets and Tensorflow as a machine learning library. Experimental results show that the proposed method with a trigger can cause misclassification as different classes by different models with a 100% attack success rate on MNIST and Fashion-MNIST while maintaining the 97.18% and 91.1% accuracy, respectively, on data without a trigger.},
keywords={},
doi={10.1587/transinf.2019EDL8170},
ISSN={1745-1361},
month={April},}
TY - JOUR
TI - Multi-Targeted Backdoor: Indentifying Backdoor Attack for Multiple Deep Neural Networks
T2 - IEICE TRANSACTIONS on Information and Systems
SP - 883
EP - 887
AU - Hyun KWON
AU - Hyunsoo YOON
AU - Ki-Woong PARK
PY - 2020
DO - 10.1587/transinf.2019EDL8170
JO - IEICE TRANSACTIONS on Information and Systems
SN - 1745-1361
VL - E103-D
IS - 4
JA - IEICE TRANSACTIONS on Information and Systems
Y1 - April 2020
AB - We propose a multi-targeted backdoor that misleads different models to different classes. The method trains multiple models with data that include specific triggers that will be misclassified by different models into different classes. For example, an attacker can use a single multi-targeted backdoor sample to make model A recognize it as a stop sign, model B as a left-turn sign, model C as a right-turn sign, and model D as a U-turn sign. We used MNIST and Fashion-MNIST as experimental datasets and Tensorflow as a machine learning library. Experimental results show that the proposed method with a trigger can cause misclassification as different classes by different models with a 100% attack success rate on MNIST and Fashion-MNIST while maintaining the 97.18% and 91.1% accuracy, respectively, on data without a trigger.
ER -