Defending Deep Neural Networks Against Backdoor Attack by Using De-Trigger Autoencoder
A backdoor attack is a method that causes misrecognition in a deep neural network by training it on additional data that have a specific trigger. The network will correctly recognize normal samples (which lack the specific trigger) as their proper classes but will misrecognize backdoor samples (whic...
Saved in:
| Main Author: | |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
IEEE
2025-01-01
|
| Series: | IEEE Access |
| Subjects: | |
| Online Access: | https://ieeexplore.ieee.org/document/9579062/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1832586859934384128 |
|---|---|
| author | Hyun Kwon |
| author_facet | Hyun Kwon |
| author_sort | Hyun Kwon |
| collection | DOAJ |
| description | A backdoor attack is a method that causes misrecognition in a deep neural network by training it on additional data that have a specific trigger. The network will correctly recognize normal samples (which lack the specific trigger) as their proper classes but will misrecognize backdoor samples (which contain the trigger) as target classes. In this paper, I propose a method of defense against backdoor attacks that uses a de-trigger autoencoder. In the proposed scheme, the trigger in the backdoor sample is removed using the de-trigger autoencoder, and the backdoor sample is detected from the change in the classification result. Experiments were conducted using MNIST, Fashion-MNIST, and CIFAR-10 as the experimental datasets and TensorFlow as the machine learning library. For MNIST, Fashion-MNIST, and CIFAR-10, respectively, the proposed method detected 91.5%, 82.3%, and 90.9% of the backdoor samples and had 96.1%, 89.6%, and 91.2% accuracy on legitimate samples. |
| format | Article |
| id | doaj-art-60a5826b2c8e4c5f9ec74645ed1a4a2c |
| institution | Kabale University |
| issn | 2169-3536 |
| language | English |
| publishDate | 2025-01-01 |
| publisher | IEEE |
| record_format | Article |
| series | IEEE Access |
| spelling | doaj-art-60a5826b2c8e4c5f9ec74645ed1a4a2c2025-01-25T00:02:26ZengIEEEIEEE Access2169-35362025-01-0113111591116910.1109/ACCESS.2021.30865299579062Defending Deep Neural Networks Against Backdoor Attack by Using De-Trigger AutoencoderHyun Kwon0https://orcid.org/0000-0003-1169-9892Department of Artificial Intelligence and Data Science, Korea Military Academy, Seoul, South KoreaA backdoor attack is a method that causes misrecognition in a deep neural network by training it on additional data that have a specific trigger. The network will correctly recognize normal samples (which lack the specific trigger) as their proper classes but will misrecognize backdoor samples (which contain the trigger) as target classes. In this paper, I propose a method of defense against backdoor attacks that uses a de-trigger autoencoder. In the proposed scheme, the trigger in the backdoor sample is removed using the de-trigger autoencoder, and the backdoor sample is detected from the change in the classification result. Experiments were conducted using MNIST, Fashion-MNIST, and CIFAR-10 as the experimental datasets and TensorFlow as the machine learning library. For MNIST, Fashion-MNIST, and CIFAR-10, respectively, the proposed method detected 91.5%, 82.3%, and 90.9% of the backdoor samples and had 96.1%, 89.6%, and 91.2% accuracy on legitimate samples.https://ieeexplore.ieee.org/document/9579062/Backdoor attackdefense methoddeep neural networkde-trigger autoencoder |
| spellingShingle | Hyun Kwon Defending Deep Neural Networks Against Backdoor Attack by Using De-Trigger Autoencoder IEEE Access Backdoor attack defense method deep neural network de-trigger autoencoder |
| title | Defending Deep Neural Networks Against Backdoor Attack by Using De-Trigger Autoencoder |
| title_full | Defending Deep Neural Networks Against Backdoor Attack by Using De-Trigger Autoencoder |
| title_fullStr | Defending Deep Neural Networks Against Backdoor Attack by Using De-Trigger Autoencoder |
| title_full_unstemmed | Defending Deep Neural Networks Against Backdoor Attack by Using De-Trigger Autoencoder |
| title_short | Defending Deep Neural Networks Against Backdoor Attack by Using De-Trigger Autoencoder |
| title_sort | defending deep neural networks against backdoor attack by using de trigger autoencoder |
| topic | Backdoor attack defense method deep neural network de-trigger autoencoder |
| url | https://ieeexplore.ieee.org/document/9579062/ |
| work_keys_str_mv | AT hyunkwon defendingdeepneuralnetworksagainstbackdoorattackbyusingdetriggerautoencoder |