Hibernated Backdoor: A Mutual Information Empowered Backdoor Attack to Deep Neural Networks
Document Type
Conference Paper
Publication Date
2022
DOI
10.1609/aaai.v36i9.21272
Publication Title
Proceedings of the AAAI Conference on Artificial Intelligence
Volume
36
Issue
9
Pages
10309-10318
Conference Name
Thirty-Sixth AAAI Conference on Artificial Intelligence, February 22-March 1, 2022, Virtual
Abstract
We report a new neural backdoor attack, named Hibernated Backdoor, which is stealthy, aggressive and devastating. The backdoor is planted in a hibernated mode to avoid being detected. Once deployed and fine-tuned on end-devices, the hibernated backdoor turns into the active state that can be exploited by the attacker. To the best of our knowledge, this is the first hibernated neural backdoor attack. It is achieved by maximizing the mutual information (MI) between the gradients of regular and malicious data on the model. We introduce a practical algorithm to achieve MI maximization to effectively plant the hibernated backdoor. To evade adaptive defenses, we further develop a targeted hibernated backdoor, which can only be activated by specific data samples and thus achieves a higher degree of stealthiness. We show the hibernated backdoor is robust and cannot be removed by existing backdoor removal schemes. It has been fully tested on four datasets with two neural network architectures, compared to five existing backdoor attacks, and evaluated using seven backdoor detection schemes. The experiments demonstrate the effectiveness of the hibernated backdoor attack under various settings.
Rights
© 2022 Association for the Advancement of Artificial Intelligence. All rights reserved.
In the Returned Rights section of the AAAI copyright form, authors are specifically granted back the right to use their own papers for noncommercial uses, such as inclusion in their dissertations or the right to deposit their own papers in their institutional repositories, provided there is proper attribution. The published version is not available for posting outside the AAAI Digital Library.
Metadata record included in accordance with publisher policy.
Original Publication Citation
Ning, R., Li, J., Xin, C., Wu, H., & Wang, C. (2022). Hibernated backdoor: A mutual information empowered backdoor attack to deep neural networks. Proceedings of the AAAI Conference on Artificial Intelligence, 36(9), 10309-10318. https://doi.org/10.1609/aaai.v36i9.21272
Repository Citation
Ning, R., Li, J., Xin, C., Wu, H., & Wang, C. (2022). Hibernated backdoor: A mutual information empowered backdoor attack to deep neural networks. Proceedings of the AAAI Conference on Artificial Intelligence, 36(9), 10309-10318. https://doi.org/10.1609/aaai.v36i9.21272
ORCID
0000-0003-4050-6252 (Ning), 0000-0003-0091-6986 (Li)