dc.contributor.author: Hammoud, Hasan Abed Al Kader
dc.contributor.author: Ghanem, Bernard
dc.date.accessioned: 2021-09-15T06:21:02Z
dc.date.available: 2021-09-15T06:21:02Z
dc.date.issued: 2021-09-12
dc.identifier.uri: http://hdl.handle.net/10754/671219
dc.description.abstract: Deep Neural Networks (DNNs) have been utilized in various applications ranging from image classification and facial recognition to medical imagery analysis and real-time object detection. As our models become more sophisticated and complex, the computational cost of training such models becomes a burden for small companies and individuals; for this reason, outsourcing the training process has been the go-to option for such users. Unfortunately, outsourcing the training process comes at the cost of vulnerability to backdoor attacks. These attacks aim at establishing hidden backdoors in the DNN such that the model performs well on benign samples but outputs a particular target label when a trigger is applied to the input. Current backdoor attacks rely on generating triggers in the image/pixel domain; however, as we show in this paper, it is not the only domain to exploit and one should always "check the other doors". In this work, we propose a complete pipeline for generating a dynamic, efficient, and invisible backdoor attack in the frequency domain. We show the advantages of utilizing the frequency domain for establishing undetectable and powerful backdoor attacks through extensive experiments on various datasets and network architectures. The backdoored models are shown to break various state-of-the-art defences. We also show two possible defences that succeed against frequency-based backdoor attacks and possible ways for the attacker to bypass them. We conclude the work with some remarks regarding a network's learning capacity and the capability of embedding a backdoor attack in the model.
dc.publisher: arXiv
dc.relation.url: https://arxiv.org/pdf/2109.05507.pdf
dc.rights: Archived with thanks to arXiv
dc.title: Check Your Other Door! Establishing Backdoor Attacks in the Frequency Domain
dc.type: Preprint
dc.contributor.department: King Abdullah University of Science and Technology (KAUST)
dc.contributor.department: Electrical and Computer Engineering Program
dc.contributor.department: Computer, Electrical and Mathematical Science and Engineering (CEMSE) Division
dc.eprint.version: Pre-print
dc.identifier.arxivid: 2109.05507
kaust.person: Hammoud, Hasan Abed Al Kader
kaust.person: Ghanem, Bernard
refterms.dateFOA: 2021-09-15T06:22:53Z


Files in this item

Name: Preprintfile1.pdf
Size: 1.870Mb
Format: PDF
Description: Pre-print
