BadNets: Evaluating Backdooring Attacks on Deep Neural Networks
Indexed incrossrefdoaj
Abstract
Deep learning-based techniques have achieved state-of-the-art performance on a wide variety of recognition and classification tasks. However, these networks are typically computationally expensive to train, requiring weeks of computation on many GPUs; as a result, many users outsource the training procedure to the cloud or rely on pre-trained models that are then fine-tuned for a specific task. In this paper, we show that the outsourced training introduces new security risks: an adversary can create a maliciously trained network (a backdoored neural network, or a BadNet) that has the state-of-the-art performance on the user's training and validation samples but behaves badly on specific attacker-chosen inputs.…
Citation impact
1,132
total citations
- FWCI
- 49.62
- Percentile
- 100%
- References
- 62
Citations per year
Authors
4Topics & keywords
Topics
Keywords
- Backdoor
- Computer science
- Traffic sign recognition
- Adversary
- Artificial neural network
- Artificial intelligence
- Classifier (UML)
- Deep neural networks
UN Sustainable Development Goals
- Peace, Justice and strong institutions
No related works found for this paper.