Understanding and Mitigating Neural Backdoors

Open Access
- Author: Pang, Ren
- Graduate Program: Informatics
- Degree: Doctor of Philosophy
- Document Type: Dissertation
- Date of Defense: February 22, 2024
- Committee Members:
  - Xiang Zhang, Major Field Member
  - Fenglong Ma, Major Field Member
  - Ting Wang, Chair & Dissertation Advisor
  - Sencun Zhu, Outside Unit & Field Member
  - Dongwon Lee, Professor in Charge/Director of Graduate Studies
- Keywords:
  - backdoor attack
  - deep learning
  - backdoor defense
  - AutoML
  - Neural Architecture Search
- Abstract:
The rapid progress in deep learning has led to significant breakthroughs in various machine learning tasks. Despite the remarkable success of deep learning models across domains, intensive research has produced a plethora of backdoor attacks and defenses, resulting in a constant arms race. Previous studies have highlighted the intricate trade-offs and complexities involved, yet a fundamental understanding of the connections between different attack vectors remains elusive. Furthermore, the lack of standardized evaluation benchmarks has hindered comprehensive research into several critical research questions. To address these limitations, this dissertation presents three significant contributions. (i) We propose IMC, which enhances conventional backdoor attacks by jointly optimizing triggers and trojaned models, uncovering intriguing mutual reinforcement effects between the two attack vectors. (ii) We introduce TrojanZoo, an open-source platform designed to evaluate neural backdoor attacks and defenses holistically; through systematic analysis, TrojanZoo reveals key insights into the design spectrum of existing attacks and defenses. (iii) We extend the scope of backdoor attacks to AutoML by introducing EVAS, a novel attack that leverages neural architecture search to discover architectures with inherent vulnerabilities. In extensive evaluation, EVAS demonstrates high evasiveness, transferability, and robustness, raising important considerations for future defense strategies.