Backdoor Attacks and Countermeasures on Deep Learning: A Comprehensive Review
This work provides the community with a timely and comprehensive review of
backdoor attacks and countermeasures on deep learning. According to the
attacker's capability and the affected stage of the machine learning pipeline,
the attack surface is recognized to be wide and is formalized into six
categories: code poisoning, outsourcing, pretrained, data collection,
collaborative learning and post-deployment. Attacks under each category are
surveyed accordingly. The countermeasures are categorized into four general
classes: blind backdoor removal, offline backdoor inspection, online backdoor
inspection, and post backdoor removal. We review the countermeasures in each
class, and compare and analyze their advantages and disadvantages. We have also
reviewed the flip side of backdoor attacks, which are explored for i) protecting
the intellectual property of deep learning models, ii) acting as a honeypot to
catch adversarial example attacks, and iii) verifying data deletion requested by
the data contributor. Overall, research on defense is far behind research on
attacks, and there is no single defense that can prevent all types of backdoor
attacks. In some cases, an attacker can intelligently bypass existing defenses
with an adaptive attack. Drawing on the insights from this systematic review, we
also present key areas for future research on backdoors, such as empirical
security evaluations of physical trigger attacks; in particular, more efficient
and practical countermeasures are solicited.

Comment: 29 pages, 9 figures, 2 tables