An Improved Method for Making CNN Immune to Backdoor Attack by Activating Clustering
- Resource Type
- Conference
- Authors
- Zhou, Yuang; Lei, Yichen; Yu, Limin; Li, Xianyao; Chen, Dingding; Zhang, Tongpo
- Source
- 2022 6th International Symposium on Computer Science and Intelligent Control (ISCSIC), pp. 1-6, Nov 2022
- Subject
- Computing and Processing; Training; Computer science; Computational modeling; Computer network reliability; Neural networks; Interference; Data collection; Machine learning; Backdoor Attack; Neural Network; Poison data; Activation Clustering
- Language
When a neural network is trained with a data set from an untrusted source, an attacker can insert poisoned data with a backdoor trigger into the data set to make the neural network make wrong decisions. By using Activation Clustering over convolutional neural networks, we propose an improved method for defending against backdoor attacks in the process of data collection and preparation. Experimental results show that this method can reliably protect neural networks from the interference of malicious data during training. The essence of this method is making a neural network learn the feature of the trigger and classify the toxic data into a separate class. The structure of the existing model is also optimized to make the model lightweight.