Backdoor Attacks against Learning-Based Algorithms
Springer International Publishing (Verlag)
978-3-031-57388-0 (ISBN)
Based on the observation that DNN models are vulnerable to small perturbations, this book demonstrates that steganography and regularization can be adopted to enhance the invisibility of backdoor triggers. Based on image similarity measurement, this book presents two metrics to quantitatively measure the invisibility of backdoor triggers. The invisible trigger design scheme introduced in this book achieves a balance between the invisibility and the effectiveness of backdoor attacks. In the natural language processing domain, it is difficult to design and insert a general backdoor in a manner imperceptible to humans. Any corruption to the textual data (e.g., misspelled words or randomly inserted trigger words/sentences) must retain context-awareness and readability to human inspectors. This book introduces two novel hidden backdoor attacks, targeting three major natural language processing tasks, including toxic comment detection, neural machine translation, and question answering, depending on whether the targeted NLP platform accepts raw Unicode characters.
The emerged distributed training framework, i.e., federated learning, has advantages in preserving users' privacy. It has been widely used in electronic medical applications, however, it also faced threats derived from backdoor attacks. This book presents a novel backdoor detection framework in FL-based e-Health systems. We hope this book can provide insightful lights on understanding the backdoor attacks in different types of learning-based algorithms, including computer vision, natural language processing, and federated learning. The systematic principle in this book also offers valuable guidance on the defense of backdoor attacks against future learning-based algorithms.
Shaofeng Li received the B.E. degree in Software Engineering from Hunan University, China, and the M.E. degree in Computer Science from Northeastern University, China, in 2014 and 2017, respectively. He received the Ph.D. degree in Computer Science from Shanghai Jiao Tong University, Canada, in 2022. Starting from 2022, he works as a Post-doctoral fellow with the Department of Mathematics and Theory, Peng Cheng Laboratory. He focuses primarily on the areas of machine learning and security, specifically exploring the robustness of machine learning models against various adversarial attacks. His work has received the ACM CCS Best Paper Award Runner-Up.
Haojin Zhu is a Professor with Department of Computer Science and Engineering, Shanghai Jiao Tong University, China. He received his B.Sc. degree (2002) from Wuhan University (China), M.Sc.(2005) degree from Shanghai Jiao Tong University (China), both in computer science and the Ph.D. in Electrical and Computer Engineering from the University of Waterloo (Canada), in 2009. He has published in more than 60 journals, including: JSAC, TDSC, TPDS, TMC, TIFS, TWC, TVT and more than 90 international conference papers, including IEEE S&P, ACM CCS, USENIX Security, ACM MOBICOM, NDSS, ACM MOBIHOC, IEEE INFOCOM, IEEE ICDCS. He received IEEE Fellow (2023), IEEE VTS Distinguished Lecturer (2022), the IEEE ComSoc Asia-Pacific Outstanding Young Researcher Award (2014) for the contribution to wireless network security and privacy, Top 100 Most Cited Chinese Papers Published in International Journals of 2014, Supervisor of Shanghai Excellent Master Thesis, and best paper awards of IEEE ICC 2007, Chinacom 2008 and best paper award runner up for Globecom 2014, WASA 2017, and ACM CCS 2021. He is leading the Network Security and Privacy Protection (NSEC) Lab.
Wen Wu received the B.E. degree in Information Engineering from South China University of Technology, Guangzhou, China, and the M.E. degree in Electrical Engineering from University of Science and Technology of China, Hefei, China, in 2012 and 2015, respectively. He received the Ph.D. degree in Electrical and Computer Engineering from University of Waterloo, Waterloo, ON, Canada, in 2019. Starting from 2019, he works as a Post-doctoral fellow with the Department of Electrical and Computer Engineering, University of Waterloo. Currently, he is an associate professor with the Department of Mathematics and Theory, Pengcheng Laboratory. His research interests include millimeter-wave networks and AI-empowered wireless networks.
Xuemin (Sherman) Shen received the Ph.D. degree in electrical engineering from Rutgers University, New Brunswick, NJ, USA, in 1990. He is a University Professor with the Department of Electrical and Computer Engineering, University of Waterloo, Canada. His research focuses on network resource management, wireless network security, Internet of Things, 5G and beyond, and vehicular ad hoc and sensor networks. Dr. Shen is a registered Professional Engineer of Ontario, Canada, an Engineering Institute of Canada Fellow, a Canadian Academy of Engineering Fellow, a Royal Society of Canada Fellow, a Chinese Academy of Engineering Foreign Member, and a Distinguished Lecturer of the IEEE Vehicular Technology Society and Communications Society. Dr. Shen received the Canadian Award for Telecommunications Research from the Canadian Society of Information Theory (CSIT) in 2021, the R.A. Fessenden Award in 2019 from IEEE, Canada, Award of Merit from the Federation of Chinese Canadian Professionals (Ontario) in 2019, James Evans Avant Garde Award in 2018 from the IEEE Vehicular Technology Society, Joseph LoCicero Award in 2015 and Education Award in 2017 from the IEEE Communications Society, and Technical Recognition Award from Wireless Communications Technical Committee (2019) and AHSN Technical Committee (2013). Dr. Shen is the President of the I
Introduction.- Literature Review of Backdoor Attacks.- Invisible Backdoor Attacks in Image Classification Based Network Services.- Hidden Backdoor Attacks in NLP Based Network Services.- Backdoor Attacks and Defense in FL.- Summary and Future Directions.
Erscheinungsdatum | 31.05.2024 |
---|---|
Reihe/Serie | Wireless Networks |
Zusatzinfo | XI, 153 p. 58 illus., 56 illus. in color. |
Verlagsort | Cham |
Sprache | englisch |
Maße | 155 x 235 mm |
Themenwelt | Mathematik / Informatik ► Informatik ► Netzwerke |
Informatik ► Theorie / Studium ► Künstliche Intelligenz / Robotik | |
Technik ► Nachrichtentechnik | |
Schlagworte | adversarial attacks • Backdoor attacks • Coalitional game • deep neural networks • E-Health • federated learning • Homograph attacks • image classification • Image Similarity • image steganography • Language models • Natural Language Processing • Shapley Value • text generation |
ISBN-10 | 3-031-57388-9 / 3031573889 |
ISBN-13 | 978-3-031-57388-0 / 9783031573880 |
Zustand | Neuware |
Haben Sie eine Frage zum Produkt? |
aus dem Bereich