%0 Conference Proceedings
%T Backdoor Attacks in Neural Networks – A Systematic Evaluation on Multiple Traffic Sign Datasets
%+ SBA Research
%A Rehman, Huma
%A Ekelhart, Andreas
%A Mayer, Rudolf
%< peer-reviewed
%( Lecture Notes in Computer Science
%B 3rd International Cross-Domain Conference for Machine Learning and Knowledge Extraction (CD-MAKE)
%C Canterbury, United Kingdom
%Y Andreas Holzinger
%Y Peter Kieseberg
%Y A Min Tjoa
%Y Edgar Weippl
%I Springer International Publishing
%3 Machine Learning and Knowledge Extraction
%V LNCS-11713
%P 285-300
%8 2019-08-26
%D 2019
%R 10.1007/978-3-030-29726-8_18
%K Deep learning
%K Robustness
%K Adversarial attacks
%K Backdoor attacks
%Z Computer Science [cs]Conference papers
%X Machine learning, and deep learning in particular, has seen tremendous advances and surpassed human-level performance on a number of tasks. Currently, machine learning is increasingly integrated in many applications and thereby, becomes part of everyday life, and automates decisions based on predictions. In certain domains, such as medical diagnosis, security, autonomous driving, and financial trading, wrong predictions can have a significant influence on individuals and groups. While advances in prediction accuracy have been impressive, machine learning systems still can make rather unexpected mistakes on relatively easy examples, and the robustness of algorithms has become a reason for concern before deploying such systems in real-world applications. Recent research has shown that especially deep neural networks are susceptible to adversarial attacks that can trigger such wrong predictions. For image analysis tasks, these attacks are in the form of small perturbations that remain (almost) imperceptible to human vision. Such attacks can cause a neural network classifier to completely change its prediction about an image, with the model even reporting a high confidence about the wrong prediction.
Of particular interest for an attacker are so-called backdoor attacks, where a specific key is embedded into a data sample, to trigger a pre-defined class prediction. In this paper, we systematically evaluate the effectiveness of poisoning (backdoor) attacks on a number of benchmark datasets from the domain of autonomous driving.
%G English
%Z TC 5
%Z TC 12
%Z WG 8.4
%Z WG 8.9
%Z WG 12.9
%2 https://inria.hal.science/hal-02520034/document
%2 https://inria.hal.science/hal-02520034/file/485369_1_En_18_Chapter.pdf
%L hal-02520034
%U https://inria.hal.science/hal-02520034
%~ IFIP-LNCS
%~ IFIP
%~ IFIP-TC
%~ IFIP-TC5
%~ IFIP-WG
%~ IFIP-TC12
%~ IFIP-WG8-4
%~ IFIP-WG8-9
%~ IFIP-CD-MAKE
%~ IFIP-WG12-9
%~ IFIP-LNCS-11713