Hibernated Backdoor: A Mutual Information Empowered Backdoor Attack to Deep Neural Networks
DOI:
https://doi.org/10.1609/aaai.v36i9.21272Keywords:
Search And Optimization (SO)Abstract
We report a new neural backdoor attack, named Hibernated Backdoor, which is stealthy, aggressive and devastating. The backdoor is planted in a hibernated mode to avoid being detected. Once deployed and fine-tuned on end-devices, the hibernated backdoor turns into the active state that can be exploited by the attacker. To the best of our knowledge, this is the first hibernated neural backdoor attack. It is achieved by maximizing the mutual information (MI) between the gradients of regular and malicious data on the model. We introduce a practical algorithm to achieve MI maximization to effectively plant the hibernated backdoor. To evade adaptive defenses, we further develop a targeted hibernated backdoor, which can only be activated by specific data samples and thus achieves a higher degree of stealthiness. We show the hibernated backdoor is robust and cannot be removed by existing backdoor removal schemes. It has been fully tested on four datasets with two neural network architectures, compared to five existing backdoor attacks, and evaluated using seven backdoor detection schemes. The experiments demonstrate the effectiveness of the hibernated backdoor attack under various settings.
Downloads
Published
2022-06-28
How to Cite
Ning, R., Li, J., Xin, C., Wu, H., & Wang, C. (2022). Hibernated Backdoor: A Mutual Information Empowered Backdoor Attack to Deep Neural Networks. Proceedings of the AAAI Conference on Artificial Intelligence, 36(9), 10309-10318. https://doi.org/10.1609/aaai.v36i9.21272
Issue
Section
AAAI Technical Track on Search and Optimization
