A method for protecting neural networks from computer backdoor attacks based on the trigger identification
Abstract
Modern technologies for the development and operation of neural networks are vulnerable to computer attacks that implant software backdoors. Software backdoors can remain hidden indefinitely until they are activated by modified input data containing triggers. These backdoors pose a direct threat to the information security of all components of an artificial intelligence system. Such attacker actions degrade the quality of artificial intelligence systems or stop them from functioning altogether. This paper proposes an original method for protecting neural networks, the essence of which is to create a database of ranked synthesized backdoor triggers for the target class of backdoor attacks. The proposed method is implemented as a sequence of protective actions: detecting a backdoor, identifying a trigger, and neutralizing the backdoor. Based on the proposed method, software and algorithmic support for testing neural networks has been developed that makes it possible to identify and neutralize computer backdoor attacks. Experimental studies have been carried out on various convolutional neural network architectures trained on datasets of objects such as aerial photographs (DOTA), handwritten digits (MNIST), and photographs of human faces (LFW). The decrease in the effectiveness of backdoor attacks (no more than 3 %) and the small losses in the quality of functioning of the neural networks (by 8–10 % of the quality of functioning of a neural network without a backdoor) showed the success of the developed method. The developed method allows information security specialists to purposefully counteract computer backdoor attacks on artificial intelligence systems and to develop automated information protection tools.