Hibernated Backdoor: A Mutual Information Empowered Backdoor Attack to Deep Neural Networks

Authors

Rui Ning, Old Dominion UniversityFollow
Jiang Li, Old Dominion UniversityFollow
Chunsheng Xin, Old Dominion UniversityFollow
Hongyi Wu, Old Dominion UniversityFollow

Document Type

Conference Paper

Publication Date

2022

DOI

10.1609/aaai.v36i9.21272

Publication Title

Proceedings of the AAAI Conference on Artificial Intelligence

Volume

36

Issue

9

Pages

10309-10318

Conference Name

Thirty-Sixth AAAI Conference on Artificial Intelligence, February 22-March 1, 2022, Virtual

Abstract

We report a new neural backdoor attack, named Hibernated Backdoor, which is stealthy, aggressive and devastating. The backdoor is planted in a hibernated mode to avoid being detected. Once deployed and fine-tuned on end-devices, the hibernated backdoor turns into the active state that can be exploited by the attacker. To the best of our knowledge, this is the first hibernated neural backdoor attack. It is achieved by maximizing the mutual information (MI) between the gradients of regular and malicious data on the model. We introduce a practical algorithm to achieve MI maximization to effectively plant the hibernated backdoor. To evade adaptive defenses, we further develop a targeted hibernated backdoor, which can only be activated by specific data samples and thus achieves a higher degree of stealthiness. We show the hibernated backdoor is robust and cannot be removed by existing backdoor removal schemes. It has been fully tested on four datasets with two neural network architectures, compared to five existing backdoor attacks, and evaluated using seven backdoor detection schemes. The experiments demonstrate the effectiveness of the hibernated backdoor attack under various settings.

Rights

© 2022 Association for the Advancement of Artificial Intelligence. All rights reserved.

In the Returned Rights section of the AAAI copyright form, authors are specifically granted back the right to use their own papers for noncommercial uses, such as inclusion in their dissertations or the right to deposit their own papers in their institutional repositories, provided there is proper attribution. The published version is not available for posting outside the AAAI Digital Library.

Metadata record included in accordance with publisher policy.

Original Publication Citation

Ning, R., Li, J., Xin, C., Wu, H., & Wang, C. (2022). Hibernated backdoor: A mutual information empowered backdoor attack to deep neural networks. Proceedings of the AAAI Conference on Artificial Intelligence, 36(9), 10309-10318. https://doi.org/10.1609/aaai.v36i9.21272

Repository Citation

Ning, R., Li, J., Xin, C., Wu, H., & Wang, C. (2022). Hibernated backdoor: A mutual information empowered backdoor attack to deep neural networks. Proceedings of the AAAI Conference on Artificial Intelligence, 36(9), 10309-10318. https://doi.org/10.1609/aaai.v36i9.21272

ORCID

0000-0003-4050-6252 (Ning), 0000-0003-0091-6986 (Li)