Backdoor Attacks Against Learning-Based Algorithms

Li, Shaofeng, Zhu, Haojin, Wu, Wen

  • Publisher: Springer
  • Publication date: 2024-05-30
  • List price: $6,140
  • Member price (5% off): $5,833
  • Language: English
  • Pages: 153
  • Binding: Hardcover (also called cloth, retail trade, or trade)
  • ISBN: 3031573889
  • ISBN-13: 9783031573880
  • Category: Algorithms-data-structures
  • Overseas-sourced title (must be checked out separately)

Product description

This book introduces a new type of data poisoning attack, dubbed the backdoor attack. In a backdoor attack, an attacker trains the model with poisoned data to obtain a model that performs well on normal inputs but behaves wrongly on inputs carrying a crafted trigger. Backdoor attacks can occur in any scenario where the training process is not entirely controlled, such as using third-party datasets, training on third-party platforms, or directly calling models provided by third parties. Because of the enormous threat that backdoor attacks pose to model supply chain security, they have received widespread attention from academia and industry. This book focuses on backdoor attacks in three types of DNN applications: image classification, natural language processing, and federated learning.
Based on the observation that DNN models are vulnerable to small perturbations, this book demonstrates that steganography and regularization can be adopted to enhance the invisibility of backdoor triggers. Based on image similarity measurement, it presents two metrics that quantitatively measure the invisibility of backdoor triggers. The invisible trigger design scheme introduced in this book achieves a balance between the invisibility and the effectiveness of backdoor attacks. In the natural language processing domain, it is difficult to design and insert a general backdoor in a manner imperceptible to humans: any corruption of the textual data (e.g., misspelled words or randomly inserted trigger words or sentences) must retain context-awareness and readability for human inspectors. This book introduces two novel hidden backdoor attacks, chosen according to whether the targeted NLP platform accepts raw Unicode characters, and applies them to three major natural language processing tasks: toxic comment detection, neural machine translation, and question answering.
The emerging distributed training framework, federated learning, has advantages in preserving users' privacy. It has been widely used in electronic medical applications; however, it also faces threats derived from backdoor attacks. This book presents a novel backdoor detection framework for FL-based e-Health systems. We hope this book provides useful insight into backdoor attacks on different types of learning-based algorithms, including computer vision, natural language processing, and federated learning. The systematic principles in this book also offer valuable guidance on defending future learning-based algorithms against backdoor attacks.


About the authors

Shaofeng Li received the B.E. degree in Software Engineering from Hunan University, China, and the M.E. degree in Computer Science from Northeastern University, China, in 2014 and 2017, respectively. He received the Ph.D. degree in Computer Science from Shanghai Jiao Tong University, Canada, in 2022. Since 2022 he has been a postdoctoral fellow with the Department of Mathematics and Theory, Peng Cheng Laboratory. His research focuses on machine learning and security, in particular the robustness of machine learning models against various adversarial attacks. His work has received the ACM CCS Best Paper Award Runner-Up.
Haojin Zhu is a Professor with the Department of Computer Science and Engineering, Shanghai Jiao Tong University, China. He received his B.Sc. degree (2002) from Wuhan University (China) and his M.Sc. degree (2005) from Shanghai Jiao Tong University (China), both in computer science, and the Ph.D. in Electrical and Computer Engineering from the University of Waterloo (Canada) in 2009. He has published more than 60 journal papers, in venues including JSAC, TDSC, TPDS, TMC, TIFS, TWC and TVT, and more than 90 international conference papers, in venues including IEEE S&P, ACM CCS, USENIX Security, ACM MOBICOM, NDSS, ACM MOBIHOC, IEEE INFOCOM and IEEE ICDCS. He was named an IEEE Fellow (2023) and an IEEE VTS Distinguished Lecturer (2022), and received the IEEE ComSoc Asia-Pacific Outstanding Young Researcher Award (2014) for his contributions to wireless network security and privacy, a place among the Top 100 Most Cited Chinese Papers Published in International Journals of 2014, recognition as Supervisor of a Shanghai Excellent Master Thesis, best paper awards at IEEE ICC 2007 and Chinacom 2008, and best paper award runner-up at Globecom 2014, WASA 2017 and ACM CCS 2021. He leads the Network Security and Privacy Protection (NSEC) Lab.
Wen Wu received the B.E. degree in Information Engineering from South China University of Technology, Guangzhou, China, and the M.E. degree in Electrical Engineering from the University of Science and Technology of China, Hefei, China, in 2012 and 2015, respectively. He received the Ph.D. degree in Electrical and Computer Engineering from the University of Waterloo, Waterloo, ON, Canada, in 2019. Since 2019 he has worked as a postdoctoral fellow with the Department of Electrical and Computer Engineering, University of Waterloo. Currently, he is an associate professor with the Department of Mathematics and Theory, Pengcheng Laboratory. His research interests include millimeter-wave networks and AI-empowered wireless networks.
Xuemin (Sherman) Shen received the Ph.D. degree in electrical engineering from Rutgers University, New Brunswick, NJ, USA, in 1990. He is a University Professor with the Department of Electrical and Computer Engineering, University of Waterloo, Canada. His research focuses on network resource management, wireless network security, the Internet of Things, 5G and beyond, and vehicular ad hoc and sensor networks. Dr. Shen is a registered Professional Engineer of Ontario, Canada, an Engineering Institute of Canada Fellow, a Canadian Academy of Engineering Fellow, a Royal Society of Canada Fellow, a Chinese Academy of Engineering Foreign Member, and a Distinguished Lecturer of the IEEE Vehicular Technology Society and Communications Society. Dr. Shen received the Canadian Award for Telecommunications Research from the Canadian Society of Information Theory (CSIT) in 2021, the R.A. Fessenden Award from IEEE Canada in 2019, the Award of Merit from the Federation of Chinese Canadian Professionals (Ontario) in 2019, the James Evans Avant Garde Award from the IEEE Vehicular Technology Society in 2018, the Joseph LoCicero Award in 2015 and the Education Award in 2017 from the IEEE Communications Society, and the Technical Recognition Award from the Wireless Communications Technical Committee (2019) and the AHSN Technical Committee (2013). Dr. Shen is the President of the IEEE Communications Society. He has served as Vice President for Technical & Educational Activities, Vice President for Publications, Member-at-Large on the Board of Governors, Chair of the Distinguished Lecturer Selection Committee, and Member of the IEEE Fellow Selection Committee of the ComSoc. Dr. Shen served as the Editor-in-Chief of the IEEE IoT Journal, IEEE Network, and IET Communications.
