- Title
Survey of Backdoor Attack and Defense Techniques in Deep Neural Networks.
- Authors
钱汉伟; 孙伟松
- Abstract
A neural network backdoor attack aims to implant a hidden backdoor into a deep neural network, so that the infected model behaves normally on benign test samples but behaves abnormally on poisoned test samples that carry the backdoor trigger. For example, all poisoned test samples will be predicted as the target label by the infected model. This paper provides a comprehensive review and taxonomy of existing attack methods according to the attack objects, which can be categorized into four types: data poisoning attacks, physical world attacks, model poisoning attacks, and others. This paper summarizes the existing backdoor defense technologies from the perspective of attack and defense confrontation, which include poisoned sample identification, poisoned model identification, poisoned test sample filtering, and others. This paper explains the principles of deep neural network backdoor defects from the perspectives of deep learning mathematical principles and visualization, and discusses the difficulties and future development directions of deep neural network backdoor attacks and countermeasures from the perspectives of software engineering and program analysis. It is hoped that this survey can help researchers understand the research progress of deep neural network backdoor attacks and countermeasures, and provide more inspiration for designing more robust deep neural networks.
- Publication
Journal of Frontiers of Computer Science & Technology, 2023, Vol 17, Issue 5, p1038
- ISSN
1673-9418
- Publication type
Article
- DOI
10.3778/j.issn.1673-9418.2210061