Backdoor Attack and Defense for Deep Regression

Add code
Sep 06, 2021
Xi Li, George Kesidis, David J. Miller, Vladimir Lucic
Figure 1 for Backdoor Attack and Defense for Deep Regression
Figure 2 for Backdoor Attack and Defense for Deep Regression
Figure 3 for Backdoor Attack and Defense for Deep Regression
Figure 4 for Backdoor Attack and Defense for Deep Regression

Share this with someone who'll enjoy it:

Twitter IconFacebook IconLinkedin IconWhatsapp IconMessenger Icon

We demonstrate a backdoor attack on a deep neural network used for regression. The backdoor attack is localized based on training-set data poisoning wherein the mislabeled samples are surrounded by correctly labeled ones. We demonstrate how such localization is necessary for attack success. We also study the performance of a backdoor defense using gradient-based discovery of local error maximizers. Local error maximizers which are associated with significant (interpolation) error, and are proximal to many training samples, are suspicious. This method is also used to accurately train for deep regression in the first place by active (deep) learning leveraging an "oracle" capable of providing real-valued supervision (a regression target) for samples. Such oracles, including traditional numerical solvers of PDEs or SDEs using finite difference or Monte Carlo approximations, are far more computationally costly compared to deep regression.

View paper onarxiv icon

Share this with someone who'll enjoy it:

Twitter IconFacebook IconLinkedin IconWhatsapp IconMessenger Icon