doi: 10.17586/2226-1494-2022-22-4-742-750


A method for protecting neural networks from computer backdoor attacks based on the trigger identification

A. B. Menisov, A. G. Lomako, A. S. Dudkin


Article in Russian

For citation:
Menisov A.B., Lomako A.G., Dudkin A.S. A method for protecting neural networks from computer backdoor attacks based on the trigger identification. Scientific and Technical Journal of Information Technologies, Mechanics and Optics, 2022, vol. 22, no. 4, pp. 742–750 (in Russian). doi: 10.17586/2226-1494-2022-22-4-742-750


Abstract
Modern technologies for developing and operating neural networks are vulnerable to computer attacks that implant software backdoors. A backdoor can remain hidden indefinitely until it is activated by modified input data containing a trigger. Such backdoors pose a direct threat to information security for all components of an artificial intelligence system. These attacker actions degrade the quality of artificial intelligence systems or stop them from functioning altogether. This paper proposes an original method for protecting neural networks, the essence of which is to create a database of ranked synthesized backdoor triggers of the target class of backdoor attacks. The proposed method is implemented as a sequence of protective actions: detecting a backdoor, identifying a trigger, and neutralizing the backdoor. Based on the proposed method, software and algorithmic support for testing neural networks has been developed that makes it possible to identify and neutralize computer backdoor attacks. Experimental studies have been carried out on convolutional neural network architectures trained on various datasets: aerial photographs (DOTA), handwritten digits (MNIST), and photographs of human faces (LFW). The decrease in the effectiveness of backdoor attacks (no more than 3 %) and small losses in the quality of neural network functioning (by 8–10 % of the quality of a neural network without a backdoor) showed the success of the developed method. The developed method allows information security specialists to purposefully counteract computer backdoor attacks on artificial intelligence systems and to develop automated information protection tools.

Keywords: artificial intelligence, artificial neural network, information security, computer attacks, backdoor, backdoors in neural networks, synthesized triggers

Acknowledgements. The work was carried out within the framework of the grant of the President of the Russian Federation for state support of young Russian scientists — candidates of sciences MK-2485.2022.4



This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License