doi: 10.17586/2226-1494-2022-22-4-742-750
A method for protecting neural networks from computer backdoor attacks based on the trigger identification
Article in Russian
For citation:
Menisov A.B., Lomako A.G., Dudkin A.S. A method for protecting neural networks from computer backdoor attacks based on the trigger identification. Scientific and Technical Journal of Information Technologies, Mechanics and Optics, 2022, vol. 22, no. 4, pp. 742–750 (in Russian). doi: 10.17586/2226-1494-2022-22-4-742-750
Abstract
Modern technologies for developing and operating neural networks are vulnerable to computer attacks that implant software backdoors. Software backdoors can remain hidden indefinitely until they are activated by modified input data containing triggers. These backdoors pose a direct threat to information security for all components of an artificial intelligence system. Such intruder actions degrade the quality of artificial intelligence systems or stop them from functioning altogether. This paper proposes an original method for protecting neural networks, the essence of which is to create a database of ranked synthesized backdoor triggers for the target class of backdoor attacks. The proposed method is implemented through a sequence of protective actions: detecting a backdoor, identifying a trigger, and neutralizing the backdoor. Based on the proposed method, software and algorithmic support for testing neural networks has been developed that makes it possible to identify and neutralize computer backdoor attacks. Experimental studies have been carried out on convolutional neural network architectures trained on various datasets: aerial photographs (DOTA), handwritten digits (MNIST), and photographs of human faces (LFW). The decrease in the effectiveness of backdoor attacks (no more than 3 %) and the small losses in the quality of neural network functioning (by 8–10 % of the quality of a neural network without a backdoor) showed the success of the developed method. The developed method allows information security specialists to purposefully counteract computer backdoor attacks on artificial intelligence systems and to develop automated information protection tools.
Keywords: artificial intelligence, artificial neural network, information security, computer attacks, backdoor, backdoors in neural networks, synthesized triggers
Acknowledgements. The work was carried out within the framework of the grant of the President of the Russian Federation for state support of young Russian scientists — candidates of sciences MK-2485.2022.4