Jisuanji kexue (Mar 2023)

Backdoor Attack on Deep Learning Models: A Survey

  • YING Zonghao, WU Bin

DOI
https://doi.org/10.11896/jsjkx.220600031
Journal volume & issue
Vol. 50, no. 3
pp. 333 – 350

Abstract

In recent years, artificial intelligence represented by deep learning has made breakthroughs in theories and technologies. With the strong support of data, algorithms and computing power, deep learning has received unprecedented attention and has been widely used in various fields, bringing great improvements to them. With the wide application of deep learning technology in various fields, including security-critical ones, the security of deep learning has attracted more and more attention. Researchers have found many security risks in deep learning systems. In terms of the security of deep learning models, researchers have extensively explored the new attack paradigm of backdoor attack. Backdoor attacks can threaten deep learning models throughout their whole life cycle. A large number of researchers have proposed a series of attack schemes from different angles. This paper takes the security threats of deep learning systems as a starting point and introduces the current attack paradigms. On this basis, it gives the background and principle of backdoor attack, distinguishes it from similar attack paradigms such as adversarial attack and data poisoning attack, and then elaborates on the attack principles and outstanding features of the classic backdoor attack methods to date. According to their working principle, the attack schemes are divided into data poisoning based attacks, model poisoning based attacks and others; the paper systematically summarizes them and clarifies the advantages and disadvantages of current research. Then, this paper surveys the state-of-the-art works on backdoor attacks against various typical applications and popular deep learning paradigms, which further reveal the threat of backdoor attacks to deep learning models. Finally, this paper summarizes the research work on applying backdoor attack characteristics to positive applications, explores the current challenges of backdoor attack, and discusses future research directions worthy of in-depth exploration, aiming to provide guidance for follow-up researchers to further promote the development of backdoor attack and the security of deep learning.

Keywords