Invisible Encoded Backdoor attack on DNNs using Conditional GAN

Iram Arshad; Yuansong Qiao; Brian Lee; Yuhang Ye

doi:10.1109/ICCE56470.2023.10043484

Invisible Encoded Backdoor attack on DNNs using Conditional GAN

Iram Arshad, Yuansong Qiao, Brian Lee, Yuhang Ye

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

4 Citations (Scopus)

Abstract

Deep Learning (DL) models deliver superior performance and have achieved remarkable results for classification and vision tasks. However, recent research focuses on exploring these Deep Neural Networks (DNNs) weaknesses as these can be vulnerable due to transfer learning and outsourced training data. This paper investigates the feasibility of generating a stealthy invisible backdoor attack during the training phase of deep learning models. For developing the poison dataset, an interpolation technique is used to corrupt the sub-feature space of the conditional generative adversarial network. Then, the generated poison dataset is mixed with the clean dataset to corrupt the training images dataset. The experiment results show that by injecting a 3% poison dataset combined with the clean dataset, the DL models can effectively fool with a high degree of model accuracy.

Original language	English
Title of host publication	2023 IEEE International Conference on Consumer Electronics, ICCE 2023
Publisher	Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)	9781665491303
DOIs	https://doi.org/10.1109/ICCE56470.2023.10043484
Publication status	Published - 2023
Event	2023 IEEE International Conference on Consumer Electronics, ICCE 2023 - Las Vegas, United States Duration: 6 Jan 2023 → 8 Jan 2023

Publication series

Name	Digest of Technical Papers - IEEE International Conference on Consumer Electronics
Volume	2023-January
ISSN (Print)	0747-668X

Conference

Conference	2023 IEEE International Conference on Consumer Electronics, ICCE 2023
Country/Territory	United States
City	Las Vegas
Period	6/01/23 → 8/01/23

Keywords

Backdoor Attack
Conditional Generative Adversarial Network
Image Synthesis

Access to Document

10.1109/ICCE56470.2023.10043484

Cite this

Arshad, I., Qiao, Y., Lee, B., & Ye, Y. (2023). Invisible Encoded Backdoor attack on DNNs using Conditional GAN. In 2023 IEEE International Conference on Consumer Electronics, ICCE 2023 (Digest of Technical Papers - IEEE International Conference on Consumer Electronics; Vol. 2023-January). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ICCE56470.2023.10043484

@inproceedings{baef4a9725f9402cae3bcde35dcc4bc6,

title = "Invisible Encoded Backdoor attack on DNNs using Conditional GAN",

abstract = "Deep Learning (DL) models deliver superior performance and have achieved remarkable results for classification and vision tasks. However, recent research focuses on exploring these Deep Neural Networks (DNNs) weaknesses as these can be vulnerable due to transfer learning and outsourced training data. This paper investigates the feasibility of generating a stealthy invisible backdoor attack during the training phase of deep learning models. For developing the poison dataset, an interpolation technique is used to corrupt the sub-feature space of the conditional generative adversarial network. Then, the generated poison dataset is mixed with the clean dataset to corrupt the training images dataset. The experiment results show that by injecting a 3% poison dataset combined with the clean dataset, the DL models can effectively fool with a high degree of model accuracy.",

keywords = "Backdoor Attack, Conditional Generative Adversarial Network, Image Synthesis",

author = "Iram Arshad and Yuansong Qiao and Brian Lee and Yuhang Ye",

note = "Publisher Copyright: {\textcopyright} 2023 IEEE.; 2023 IEEE International Conference on Consumer Electronics, ICCE 2023 ; Conference date: 06-01-2023 Through 08-01-2023",

year = "2023",

doi = "10.1109/ICCE56470.2023.10043484",

language = "English",

series = "Digest of Technical Papers - IEEE International Conference on Consumer Electronics",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

booktitle = "2023 IEEE International Conference on Consumer Electronics, ICCE 2023",

address = "United States",

}

Arshad, I , Qiao, Y , Lee, B & Ye, Y 2023, Invisible Encoded Backdoor attack on DNNs using Conditional GAN. in 2023 IEEE International Conference on Consumer Electronics, ICCE 2023. Digest of Technical Papers - IEEE International Conference on Consumer Electronics, vol. 2023-January, Institute of Electrical and Electronics Engineers Inc., 2023 IEEE International Conference on Consumer Electronics, ICCE 2023, Las Vegas, United States, 6/01/23. https://doi.org/10.1109/ICCE56470.2023.10043484

Invisible Encoded Backdoor attack on DNNs using Conditional GAN. / Arshad, Iram ; Qiao, Yuansong ; Lee, Brian et al.
2023 IEEE International Conference on Consumer Electronics, ICCE 2023. Institute of Electrical and Electronics Engineers Inc., 2023. (Digest of Technical Papers - IEEE International Conference on Consumer Electronics; Vol. 2023-January).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Invisible Encoded Backdoor attack on DNNs using Conditional GAN

AU - Arshad, Iram

AU - Qiao, Yuansong

AU - Lee, Brian

AU - Ye, Yuhang

PY - 2023

Y1 - 2023

N2 - Deep Learning (DL) models deliver superior performance and have achieved remarkable results for classification and vision tasks. However, recent research focuses on exploring these Deep Neural Networks (DNNs) weaknesses as these can be vulnerable due to transfer learning and outsourced training data. This paper investigates the feasibility of generating a stealthy invisible backdoor attack during the training phase of deep learning models. For developing the poison dataset, an interpolation technique is used to corrupt the sub-feature space of the conditional generative adversarial network. Then, the generated poison dataset is mixed with the clean dataset to corrupt the training images dataset. The experiment results show that by injecting a 3% poison dataset combined with the clean dataset, the DL models can effectively fool with a high degree of model accuracy.

AB - Deep Learning (DL) models deliver superior performance and have achieved remarkable results for classification and vision tasks. However, recent research focuses on exploring these Deep Neural Networks (DNNs) weaknesses as these can be vulnerable due to transfer learning and outsourced training data. This paper investigates the feasibility of generating a stealthy invisible backdoor attack during the training phase of deep learning models. For developing the poison dataset, an interpolation technique is used to corrupt the sub-feature space of the conditional generative adversarial network. Then, the generated poison dataset is mixed with the clean dataset to corrupt the training images dataset. The experiment results show that by injecting a 3% poison dataset combined with the clean dataset, the DL models can effectively fool with a high degree of model accuracy.

KW - Backdoor Attack

KW - Conditional Generative Adversarial Network

KW - Image Synthesis

UR - http://www.scopus.com/inward/record.url?scp=85149140601&partnerID=8YFLogxK

U2 - 10.1109/ICCE56470.2023.10043484

DO - 10.1109/ICCE56470.2023.10043484

M3 - Conference contribution

AN - SCOPUS:85149140601

T3 - Digest of Technical Papers - IEEE International Conference on Consumer Electronics

BT - 2023 IEEE International Conference on Consumer Electronics, ICCE 2023

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 2023 IEEE International Conference on Consumer Electronics, ICCE 2023

Y2 - 6 January 2023 through 8 January 2023

ER -

Invisible Encoded Backdoor attack on DNNs using Conditional GAN

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this