Are You Tampering With My Data?
We propose a novel approach towards adversarial attacks on neural networks (NN), focusing on tampering with the data used for training instead of generating attacks on trained models. Our network-agnostic method creates a backdoor during training which can be exploited at test time to force a neural network to exhibit abnormal behaviour. We demonstrate on two widely used datasets (CIFAR-10 and SVHN) that a universal modification of just one pixel per image for all the images of a class in the training set is enough to corrupt the training procedure of several state-of-the-art deep neural networks, causing the networks to misclassify any images to which the modification is applied. Our aim is to bring to the attention of the machine learning community the possibility that even learning-based methods that are personally trained on public datasets can be subject to attacks by a skillful adversary.
Comment: 18 page
A survey on security analysis of machine learning-oriented hardware and software intellectual property
Intellectual Property (IP) includes ideas, innovations, methodologies, works of authorship (viz., literary and artistic works), emblems, brands, images, etc. This property is intangible since it is pertinent to the human intellect. Therefore, IP entities are indisputably vulnerable to infringements and modifications without the owner's consent. IP protection regulations have been deployed and are still in practice, including patents, copyrights, contracts, trademarks, trade secrets, etc., to address these challenges. Unfortunately, these protections are insufficient to keep IP entities from being changed or stolen without permission. For this reason, some IPs require hardware IP protection mechanisms, and others require software IP protection techniques. To secure these IPs, researchers have explored the domain of Intellectual Property Protection (IPP) using different approaches. In this paper, we discuss the existing IP rights and concurrent breakthroughs in the field of IPP research; provide discussions on hardware IP and software IP attacks and defense techniques; summarize different applications of IP protection; and lastly, identify the challenges and future research prospects in hardware and software IP security.
Attention-Enhancing Backdoor Attacks Against BERT-based Models
Recent studies have revealed that Backdoor Attacks can threaten the safety of natural language processing (NLP) models. Investigating the strategies of backdoor attacks will help to understand the model's vulnerability. Most existing textual backdoor attacks focus on generating stealthy triggers or modifying model weights. In this paper, we directly target the interior structure of neural networks and the backdoor mechanism. We propose a novel Trojan Attention Loss (TAL), which enhances the Trojan behavior by directly manipulating the attention patterns. Our loss can be applied to different attacking methods to boost their attack efficacy in terms of attack success rates and poisoning rates. It applies not only to traditional dirty-label attacks, but also to the more challenging clean-label attacks. We validate our method on different backbone models (BERT, RoBERTa, and DistilBERT) and various tasks (Sentiment Analysis, Toxic Detection, and Topic Classification).
Comment: Findings of EMNLP 202