
Research On Key Technologies Of Data-poisoning-based Backdoor Attack And Defense

Posted on: 2024-05-07
Degree: Master
Type: Thesis
Country: China
Candidate: Y Wang
GTID: 2568307079460304
Subject: Cyberspace security

Abstract/Summary:
In recent years, with the explosive growth of data and the improvement of computing power, machine learning and deep learning technologies have made great progress. The rapid development of these technologies has considerably promoted technological advancement in many real-world industrial and everyday fields, so that artificial intelligence is no longer just a research topic but increasingly appears in people’s daily lives and is gradually becoming an important part of human life. However, the resulting security issues of artificial intelligence are a cause for concern and have become a hot topic among researchers. Among them, backdoor attacks are a common and highly harmful attack method. This attack method originates from data poisoning attacks, but compared with data poisoning attacks, backdoor attacks are more covert. Backdoor attacks inject malicious poisoned samples into the training data, causing the deep learning model to produce incorrect predictions under specific triggering conditions. Backdoor attacks are highly harmful because attackers can control the output of the deep learning model without being detected.

This paper provides a systematic overview of the research on backdoor attacks based on data poisoning in deep learning. Based on the currently available classic backdoor attack schemes, we investigate the gradient-based hidden backdoor attack technique and the label-consistent backdoor attack technique based on frequency-domain triggers. In addition, based on the existing defense schemes against backdoor attacks and other machine learning algorithms, we propose a backdoor attack defense scheme based on outlier detection. The main research focus and achievements of this article include the following aspects:

1. Study on the key technologies of backdoor attack schemes based on gradient optimization. Based on the standard backdoor attack scheme, this article proposes a trigger generation scheme based on gradient optimization, with the aim of improving the concealment of the backdoor attack trigger. This makes the trigger difficult to detect and allows the backdoor to be implanted in the neural network with fewer poisoned samples.

2. Study on the key technologies of backdoor attack schemes based on frequency-domain triggers. Starting from the label-poisoning phenomenon in backdoor attacks and the feasibility of such attacks in practice, this work proposes a label-consistent backdoor attack scheme (ALFBA) with an invisible trigger, through the design of a frequency-domain trigger and the limitation of the adversary’s ability.

3. Study on the key technologies of backdoor attack defense based on outlier detection. To address the threat of data-poisoning-based backdoor attacks, this article proposes a defense technique that uses outlier detection to filter out poisoned samples. This article also proposes a backdoor defense technique that supports black-box scenarios.

The research in this paper has a certain reference value for the security research of deep learning. It can help researchers and practitioners better understand the security threats related to backdoor attacks in deep learning and highlights the severity of these threats. This can promote research on relevant defense technologies and enhance the security and robustness of artificial intelligence technology.
Keywords/Search Tags: Artificial intelligence, Data poisoning, Backdoor attack, Backdoor defense, Anomaly detection