Text Select-Backdoor: Selective Backdoor Attack for Text Recognition Systems
Deep neural networks exhibit excellent image, voice, text, and pattern recognition performance. However, they are vulnerable to adversarial and backdoor attacks. In a backdoor attack, the target model identifies input data unless it contains a specific trigger, at which point it mistakenly recognize...
Saved in:
| Main Authors: | , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
IEEE
2024-01-01
|
| Series: | IEEE Access |
| Subjects: | |
| Online Access: | https://ieeexplore.ieee.org/document/10741518/ |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1846156517099700224 |
|---|---|
| author | Hyun Kwon Jang-Woon Baek |
| author_facet | Hyun Kwon Jang-Woon Baek |
| author_sort | Hyun Kwon |
| collection | DOAJ |
| description | Deep neural networks exhibit excellent image, voice, text, and pattern recognition performance. However, they are vulnerable to adversarial and backdoor attacks. In a backdoor attack, the target model identifies input data unless it contains a specific trigger, at which point it mistakenly recognizes the altered data. In a backdoor attack, an attacker employs a specific trigger to initiate the attack. In this paper, we propose a selective backdoor sample that the ally (or “friend”) text recognition model correctly recognizes but misrecognizes in the enemy’s text recognition model. The proposed method involves training friend and enemy models on backdoor sentences with a specific trigger; the friend’s model accurately classifies these samples, while the enemy’s model incorrectly identifies them. In our experimental evaluation, we use the TensorFlow library and two datasets related to movie reviews (MR and IMDB). In the experiment, an attack success rate of 100% was achieved by the proposed method against the enemy’s model using backdoor samples with a trigger in front of the sentence when there were approximately 1% backdoor samples in the training data. In addition, the accuracy of the friend’s model for the backdoor samples and that of the original samples were maintained at 85.2% and 86.5% (MR dataset) and 90.6% and 91.2% (IMDB dataset), respectively. |
| format | Article |
| id | doaj-art-2fa2bc1f93454e058afa8dcce04fbf32 |
| institution | Kabale University |
| issn | 2169-3536 |
| language | English |
| publishDate | 2024-01-01 |
| publisher | IEEE |
| record_format | Article |
| series | IEEE Access |
| spelling | doaj-art-2fa2bc1f93454e058afa8dcce04fbf322024-11-26T00:01:33ZengIEEEIEEE Access2169-35362024-01-011217068817069810.1109/ACCESS.2024.343658610741518Text Select-Backdoor: Selective Backdoor Attack for Text Recognition SystemsHyun Kwon0Jang-Woon Baek1Department of Artificial Intelligence and Data Science, Korea Military Academy, Seoul, South KoreaDepartment of Architectural Engineering, Kyung Hee University, Gyeonggi, South KoreaDeep neural networks exhibit excellent image, voice, text, and pattern recognition performance. However, they are vulnerable to adversarial and backdoor attacks. In a backdoor attack, the target model identifies input data unless it contains a specific trigger, at which point it mistakenly recognizes the altered data. In a backdoor attack, an attacker employs a specific trigger to initiate the attack. In this paper, we propose a selective backdoor sample that the ally (or “friend”) text recognition model correctly recognizes but misrecognizes in the enemy’s text recognition model. The proposed method involves training friend and enemy models on backdoor sentences with a specific trigger; the friend’s model accurately classifies these samples, while the enemy’s model incorrectly identifies them. In our experimental evaluation, we use the TensorFlow library and two datasets related to movie reviews (MR and IMDB). In the experiment, an attack success rate of 100% was achieved by the proposed method against the enemy’s model using backdoor samples with a trigger in front of the sentence when there were approximately 1% backdoor samples in the training data. In addition, the accuracy of the friend’s model for the backdoor samples and that of the original samples were maintained at 85.2% and 86.5% (MR dataset) and 90.6% and 91.2% (IMDB dataset), respectively.https://ieeexplore.ieee.org/document/10741518/Deep neural networktext domainmachine-learning securitybackdoor attack |
| spellingShingle | Hyun Kwon Jang-Woon Baek Text Select-Backdoor: Selective Backdoor Attack for Text Recognition Systems IEEE Access Deep neural network text domain machine-learning security backdoor attack |
| title | Text Select-Backdoor: Selective Backdoor Attack for Text Recognition Systems |
| title_full | Text Select-Backdoor: Selective Backdoor Attack for Text Recognition Systems |
| title_fullStr | Text Select-Backdoor: Selective Backdoor Attack for Text Recognition Systems |
| title_full_unstemmed | Text Select-Backdoor: Selective Backdoor Attack for Text Recognition Systems |
| title_short | Text Select-Backdoor: Selective Backdoor Attack for Text Recognition Systems |
| title_sort | text select backdoor selective backdoor attack for text recognition systems |
| topic | Deep neural network text domain machine-learning security backdoor attack |
| url | https://ieeexplore.ieee.org/document/10741518/ |
| work_keys_str_mv | AT hyunkwon textselectbackdoorselectivebackdoorattackfortextrecognitionsystems AT jangwoonbaek textselectbackdoorselectivebackdoorattackfortextrecognitionsystems |