Full metadata record
DC Field | Value | Language |
---|---|---|
dc.contributor.author | 이연준 | - |
dc.date.accessioned | 2023-12-22T01:46:12Z | - |
dc.date.available | 2023-12-22T01:46:12Z | - |
dc.date.issued | 2023-08 | - |
dc.identifier.citation | 32nd USENIX Security Symposium, Page. 2707.0-2724.0 | - |
dc.identifier.uri | https://www.usenix.org/conference/usenixsecurity23/presentation/wei-chengan | en_US |
dc.identifier.uri | https://repository.hanyang.ac.kr/handle/20.500.11754/187820 | - |
dc.description.abstract | Pre-trained deep learning models are widely used to train accurate models with limited data in a short time. To reduce computational costs, pre-trained neural networks often employ subsampling operations. However, recent studies have shown that these subsampling operations can cause aliasing issues, resulting in problems with generalization. Despite this knowledge, there is still a lack of research on the relationship between the aliasing of neural networks and security threats, such as adversarial attacks and backdoor attacks, which manipulate model predictions without the awareness of victims. In this paper, we propose the aliasing backdoor, a low-cost and data-free attack that threatens mainstream pre-trained models and transfers to all student models fine-tuned from them. The key idea is to create an aliasing error in the strided layers of the network and manipulate a benign input to a targeted intermediate representation. To evaluate the attack, we conduct experiments on image classification, face recognition, and speech recognition tasks. The results show that our approach can effectively attack mainstream models with a success rate of over 95%. Our research, based on the aliasing error caused by subsampling, reveals a fundamental security weakness of strided layers, which are widely used in modern neural network architectures. To the best of our knowledge, this is the first work to exploit the strided layers to launch backdoor attacks. | - |
dc.description.sponsorship | We thank all the reviewers for their insightful comments and express our sincere gratitude for Shepherd’s assistance. The IIE CAS authors are supported in part by the National Key R&D Program of China (2020AAA0140001), NSFC (92270204), Beijing Natural Science Foundation (No.M22004), Beijing Nova Program, Youth Innovation Promotion Association CAS and a research grant from Huawei. The HYU author is supported by the National Research Foundation of Korea (NRF) grant funded by the Korea government (MSIT)(NRF-2022R1F1A1074999). | - |
dc.language | en | - |
dc.publisher | USENIX | - |
dc.title | Aliasing Backdoor Attacks on Pre-trained Models | - |
dc.type | Article | - |
dc.relation.page | 2707.0-2724.0 | - |
dc.relation.journal | 32nd USENIX Security Symposium | - |
dc.contributor.googleauthor | Wei,Cheng’an | - |
dc.contributor.googleauthor | Lee, Yeon joon | - |
dc.contributor.googleauthor | Chen,Kai | - |
dc.contributor.googleauthor | Meng,Guozhu | - |
dc.contributor.googleauthor | Lv,Peizhuo | - |
dc.sector.campus | E | - |
dc.sector.daehak | 소프트웨어융합대학 | - |
dc.sector.department | 컴퓨터학부 | - |
dc.identifier.pid | yeonjoonlee | - |
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.