Latent space-based backdoor attacks against deep neural networks

Adrian Kristanto, Shuo Wang, Carsten Rudolph

Research output: Chapter in Book/Report/Conference proceeding, Conference Paper, Research, peer-review

Abstract

The outstanding performance of modern deep learning systems resulted in their widespread adoption in various application domains, which include security-critical applications. However, recent works have shown that these systems are vulnerable to backdoor attacks. This paper proposed a novel approach to perform latent backdoor attacks. Instead of designing the exogenetic trigger backdoor on the pixel space, which has been done by existing works, this paper explored the connection between latent space manipulation and endogenic backdoor trigger generation by utilising deep generative models to generate the backdoor trigger in the latent space. The effectiveness of the proposed attack is demonstrated on several neural network architectures trained on three well-known datasets, which are MNIST, CIFAR-10 and GTSRB. This study is undertaken to provide a new viewpoint for better understanding the endogenic vulnerability of the deep neural networks due to the lack of training data and test data, instead of creating new exogenetic misclassification behaviours for existing backdoor attacks.

Original language: English
Title of host publication: 2022 International Joint Conference on Neural Networks, IJCNN 2022 - Proceedings
Editors: Marco Gori, Alessandro Sperduti
Place of Publication: Piscataway NJ USA
Publisher: IEEE, Institute of Electrical and Electronics Engineers
Number of pages: 10
ISBN (Electronic): 9781728186719
ISBN (Print): 9781665495264
Publication status: Published - 2022
Event: IEEE International Joint Conference on Neural Networks 2022 - Padua, Italy
Duration: 18 Jul 2022 to 23 Jul 2022
https://ieeexplore.ieee.org/xpl/conhome/9891857/proceeding (Proceedings)

Publication series

Name: Proceedings of the International Joint Conference on Neural Networks
Publisher: IEEE, Institute of Electrical and Electronics Engineers
Volume: 2022-July
ISSN (Print): 2161-4393
ISSN (Electronic): 2161-4407

Conference

Conference: IEEE International Joint Conference on Neural Networks 2022
Abbreviated title: IJCNN 2022
Country/Territory: Italy
City: Padua
Period: 18/07/22 to 23/07/22
Keywords

  • Backdoor attack
  • deep neural networks
  • disentangled learning
  • generation
  • latent representation
