Article information

  • Title: Trembling triggers: exploring the sensitivity of backdoors in DNN-based face recognition
  • Authors: Cecilia Pasquini ; Rainer Böhme
  • Journal: EURASIP Journal on Information Security
  • Print ISSN: 1687-4161
  • Electronic ISSN: 1687-417X
  • Publication year: 2020
  • Volume: 2020
  • Issue: 1
  • Page: 1
  • DOI: 10.1186/s13635-020-00104-z
  • Publisher: Hindawi Publishing Corporation
  • Abstract: Backdoor attacks against supervised machine learning methods seek to modify the training samples in such a way that, at inference time, the presence of a specific pattern (trigger) in the input data causes misclassifications to a target class chosen by the adversary. Successful backdoor attacks have been presented in particular for face recognition systems based on deep neural networks (DNNs). These attacks were evaluated for identical triggers at training and inference time. However, the vulnerability to backdoor attacks in practice crucially depends on the sensitivity of the backdoored classifier to approximate trigger inputs. To assess this, we study the response of a backdoored DNN for face recognition to trigger signals that have been transformed with typical image processing operators of varying strength. Results for different kinds of geometric and color transformations suggest that in particular geometric misplacements and partial occlusions of the trigger limit the effectiveness of the backdoor attacks considered. Moreover, our analysis reveals that the spatial interaction of the trigger with the subject’s face affects the success of the attack. Experiments with physical triggers inserted in live acquisitions validate the observed response of the DNN when triggers are inserted digitally.
  • Keywords: Backdoor attacks ; Neural networks ; Adversarial machine learning