Applied Sciences (Apr 2023)

Automated Segmentation to Make Hidden Trigger Backdoor Attacks Robust against Deep Neural Networks

  • Saqib Ali,
  • Sana Ashraf,
  • Muhammad Sohaib Yousaf,
  • Shazia Riaz,
  • Guojun Wang

DOI
https://doi.org/10.3390/app13074599
Journal volume & issue
Vol. 13, no. 7
p. 4599

Abstract

Read online

The successful outcomes of deep learning (DL) algorithms in diverse fields have prompted researchers to consider backdoor attacks on DL models to defend them in practical applications. Adversarial examples could deceive a safety-critical system, which could lead to hazardous situations. To cope with this, we suggested a segmentation technique that makes hidden trigger backdoor attacks more robust. The tiny trigger patterns are conventionally established by a series of parameters encompassing their DNN size, location, color, shape, and other defining attributes. From the original triggers, alternate triggers are generated to control the backdoor patterns by a third party in addition to their original designer, which can produce a higher success rate than the original triggers. However, the significant downside of these approaches is the lack of automation in the scene segmentation phase, which results in the poor optimization of the threat model. We developed a novel technique that automatically generates alternate triggers to increase the effectiveness of triggers. Image denoising is performed for this purpose, followed by scene segmentation techniques to make the poisoned classifier more robust. The experimental results demonstrated that our proposed technique achieved 99% to 100% accuracy and helped reduce the vulnerabilities of DL models by exposing their loopholes.

Keywords