Evaluation of backdoor attacks and defenses to deep neural networks

Abstract

The proliferation of Artificial Intelligence in our daily lives has inevitably attracted the omnipresent threat of backdoor attacks in deep neural networks from adversary. This study aimed to enhance awareness on various notorious backdoor attacks and the defense practices by assessing the effectiveness, stealthiness of the attacks, and the resilience of their countermeasures. This was achieved through a series of experiments designed to correlate key variables in their response to Attack Success Rate and Clean Accuracy. The study revealed the inconvenient truth that backdoor attacking is easier than defending it. BadNets was clearly the most potent attack as it has the highest average Attack Success Rate while there are more uncertainty on the defense side. The analysis permitted ranking of attacks and defense strategies albeit subjected to the characteristics of the neural network and the poisoning rate. Nevertheless, it suggested some balancing trade-offs. There is no one-size fits-all defense strategy due to poor adaptivity; the situation is akin to an arms race, where improvements on one side prompted countermeasures from the other, leading to further developments in a perpetual competition. What made the matter worse is the continuous evolution of backdoor attacks towards a higher level of stealthiness. I hope that this study will inspire the readers for further research in search of adaptive defense strategy for wider range of backdoor attacks.