Stealthy Backdoors as Compression Artifacts
نویسندگان
چکیده
Model compression is a widely-used approach for reducing the size of deep learning models without much accuracy loss, enabling resource-hungry to be compressed use on resource-constrained devices. In this paper, we study risk that model could provide an opportunity adversaries inject stealthy backdoors. backdoor attack machine model, adversary produces performs well normal inputs but outputs targeted misclassifications containing small trigger pattern. We design attacks such full-sized released by appears free from backdoors (even when tested using state-of-the-art techniques), it exhibits highly effective backdoor. show can done two common techniques—model pruning and quantization—even in settings where has limited knowledge how particular will done. Our findings demonstrate importance performing security tests actually deployed not their precompressed version. implementation available at https://github.com/yulongtzzz/Stealthy-Backdoors-as-Compression-Artifacts .
منابع مشابه
Detecting Stealthy Backdoors with Association Rule Mining
In this paper we describe a practical approach for detecting a class of backdoor communication channel that relies on port knocking in order to activate a backdoor on a remote compromised system. Detecting such activation sequences is extremely challenging because of varying port sequences and easily modifiable port values. Simple signature-based approaches are not appropriate, whilst more adva...
متن کاملSmoothing DCT Compression Artifacts N
d image in the discrete cosine transform (DCT) omain can generate blocky artifacts in the outs a put image. It is possible to reduce these artifact nd RMS error by adjusting measures of block g t edginess and image roughness, while restrictin he DCT coefficient values to values that would d i have been quantized to those of the compresse mage. We also introduce a DCT coefficient . amplitude adj...
متن کاملGeneralizing Backdoors
A powerful intuition in the design of search methods is that one wants to proactively select variables that simplify the problem instance as much as possible when these variables are assigned values. The notion of “Backdoor” variables follows this intuition. In this work we generalize Backdoors in such a way to allow more general classes of sub-solvers, both complete and heuristic. In order to ...
متن کاملDeep Convolution Networks for Compression Artifacts Reduction
Lossy compression introduces complex compression artifacts, particularly blocking artifacts, ringing effects and blurring. Existing algorithms either focus on removing blocking artifacts and produce blurred output, or restore sharpened images that are accompanied with ringing effects. Inspired by the success of deep convolutional networks (DCN) on superresolution [6], we formulate a compact and...
متن کاملDynamic Texture Recognition Based on Compression Artifacts
The paper proposes a novel approach to the classification of compressed videos containing dynamic textures. The term dynamic texture is usually used with reference to image sequences of various natural processes that exhibit stochastic dynamics (e.g., water, fire and windblown vegetation). Description and recognition of dynamic textures have attracted growing attention. Although one of the most...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
ژورنال
عنوان ژورنال: IEEE Transactions on Information Forensics and Security
سال: 2022
ISSN: ['1556-6013', '1556-6021']
DOI: https://doi.org/10.1109/tifs.2022.3160359