The Art of Deception: Robust Backdoor Attack using Dynamic Stacking of Triggers

Orson Mengara

TL;DR

DynamicTrigger is introduced as a methodology for carrying out dynamic backdoor attacks that use cleverly designed tweaks to ensure that corrupted samples are indistinguishable from clean ones, achieving high success rates during covert attacks while maintaining high accuracy on non-poisoned datasets.

Abstract

The area of Machine Learning as a Service (MLaaS) is seeing increased adoption due to recent advancements in the AI (Artificial Intelligence) industry. However, this growth has prompted concerns about AI defense mechanisms, specifically about potential covert attacks from third-party providers that cannot be entirely trusted. Recent research has uncovered that auditory backdoors may use certain signal modifications as their triggering mechanism. DynamicTrigger is introduced as a methodology for carrying out dynamic backdoor attacks that use cleverly designed tweaks to ensure that corrupted samples are indistinguishable from clean ones. By varying the signal sampling rate and masking speaker identities through dynamic sound triggers (such as the clapping of hands), it is possible to deceive automatic speech recognition (ASR) systems. Our empirical testing demonstrates that DynamicTrigger is both potent and stealthy, achieving high success rates during covert attacks while maintaining high accuracy on non-poisoned datasets.

Paper Structure (25 sections, 9 equations, 14 figures, 4 tables, 2 algorithms)

This paper contains 25 sections, 9 equations, 14 figures, 4 tables, 2 algorithms.

Figures (14)

  • Figure 1: Illustrates the execution process of a backdoor attack. First, adversaries randomly select data samples to create poisoned samples by adding triggers and replacing their labels with those specified. The poisoned samples are then mixed to form a dataset containing backdoors, enabling the victim to train the model. Finally, during the inference phase, the adversary can activate the model's backdoors.
  • Figure 2: Causes and Consequences of Backdoor Attacks on speech recognition.
  • Figure 3: Data poisoning by successful clean label activation. Top plots show three separate clean spectrograms and bottom plots their respective poisoned counterparts.
  • Figure 4: Top plots show three separate clean spectrograms and bottom plots their poisoned (backdoored) counterparts with decisions made by the CNN-LSTM model (see the table labelled table:v01).
  • Figure 5: T-SNE-PCA shows how well DynamicTrigger adapts to clean data, to view the high-dimensional features of models with trigger-based backdoors.
  • ...and 9 more figures

Theorems & Definitions (1)

  • Definition 4.1