Neural Cleanse: Identifying and Mitigating Backdoor Attacks in Neural Networks

Wang, Bolun; Yao, Yuanshun; Shan, Shawn; Li, Huiying; Viswanath, Bimal; Zheng, Hai-Tao; Zhao, Ben Y.

doi:10.1109/sp.2019.00031

articleMay 1, 2019GOLD OA

Neural Cleanse: Identifying and Mitigating Backdoor Attacks in Neural Networks

BWBolun Wang YYYuanshun Yao SSShawn Shan HLHuiying Li BVBimal Viswanath

University of California, Santa Barbara · University of Chicago · +1 more institution

Indexed incrossref

Abstract

Lack of transparency in deep neural networks (DNNs) make them susceptible to backdoor attacks, where hidden associations or triggers override normal classification to produce unexpected results. For example, a model with a backdoor always identifies a face as Bill Gates if a specific symbol is present in the input. Backdoors can stay hidden indefinitely until activated by an input, and present a serious security risk to many security or safety related applications, e.g. biometric authentication systems or self-driving cars. We present the first robust and generalizable detection and mitigation system for DNN backdoor attacks. Our techniques identify backdoors and reconstruct possible triggers. We identify…

Citation impact

1,327

total citations

FWCI: 79.07
Percentile: 100%
References: 81

Citations per year

Authors

7

Topics & keywords

Topics

Keywords

Backdoor
Artificial neural network
Computer science
Artificial intelligence
Computer security

UN Sustainable Development Goals

Peace, Justice and strong institutions

No related works found for this paper.

Funding

NS
National Science Foundation
Awards: CNS-1527939, 1705042, CNS-1705042, 1527939