Timezone: »

Understanding Backdoor Attacks through the Adaptability Hypothesis
Xun Xian · Ganghua Wang · Jayanth Srinivasa · Ashish Kundu · Xuan Bi · Mingyi Hong · Jie Ding

Wed Jul 26 02:00 PM -- 03:30 PM (PDT) @ Exhibit Hall 1 #527

A poisoning backdoor attack is a rising security concern for deep learning. This type of attack can result in the backdoored model functioning normally most of the time but exhibiting abnormal behavior when presented with inputs containing the backdoor trigger, making it difficult to detect and prevent. In this work, we propose the adaptability hypothesis to understand when and why a backdoor attack works for general learning models, including deep neural networks, based on the theoretical investigation of classical kernel-based learning models. The adaptability hypothesis postulates that for an effective attack, the effect of incorporating a new dataset on the predictions of the original data points will be small, provided that the original data points are distant from the new dataset. Experiments on benchmark image datasets and state-of-the-art backdoor attacks for deep neural networks are conducted to corroborate the hypothesis. Our finding provides insight into the factors that affect the attack's effectiveness and has implications for the design of future attacks and defenses.

Author Information

Xun Xian (University of Minnesota)
Ganghua Wang (University of Minnesota)
Jayanth Srinivasa (Cisco)
Ashish Kundu (Cisco Research)
Ashish Kundu

Dr. Ashish Kundu is currently at Cisco Research as its Head of Cybersecurity Research. He worked at Nuro as its Head of Cybersecurity, and as Research Staff Member at IBM T J Watson Research Center.He is an ACM Distinguished Member, and has also been an ACM Distinguished Speaker. He has led security, privacy and compliance of self-driving cars, tele-operated driving, cloud-based healthcare, and cloud-based AI-driven education platforms. His research has led to more than 160 patents filed with more than 150 patents granted, and more than 50 research papers. He has been honored with the prestigious Master Inventor recognition multiple times by IBM Research. Dr. Kundu received his Ph.D. in Cybersecurity from Purdue University and received the prestigious CERIAS Diamond Award for outstanding contributions to cybersecurity.

Xuan Bi (University of Minnesota - Twin Cities)
Mingyi Hong (University of Minnesota)
Jie Ding (University of Minnesota)

More from the Same Authors