TY - GEN
T1 - Detecting Backdoors Embedded in Ensembles
AU - Kim, Seok Hee
AU - Hahn, Changhee
N1 - Publisher Copyright:
© 2024 IEEE.
PY - 2024
Y1 - 2024
AB - Machine learning has experienced significant growth in recent decades, and ensemble learning, a powerful technique within the field, has shown notable progress as well. However, as the adoption of machine learning grows, security concerns have emerged, with backdoor attacks (a.k.a. Trojan attacks) being a prominent example. While several studies have investigated backdoor attacks in various domains, including neural networks, transfer learning, and federated learning, research on backdoor attacks specifically targeting ensemble learning remains scarce, despite its heightened vulnerability. In this paper, we propose the first detection method designed to combat backdoor attacks in ensemble learning. We focus on the modification attack, a potent and easily implemented technique in which a trigger is injected into the training dataset. To counter such attacks, we leverage a carefully designed test ensemble and analyze the magnitude of feature vectors to determine whether input models are benign. Our approach overcomes the limitations of existing defenses against backdoor attacks in ensemble learning, such as their dependence on the clean datasets used to train the input models and their impractical cost. We demonstrate that our scheme achieves these objectives simultaneously and exhibits robust performance against advanced attacks.
UR - http://www.scopus.com/inward/record.url?scp=85189244955&partnerID=8YFLogxK
DO - 10.1109/ICEIC61013.2024.10457185
M3 - Conference contribution
AN - SCOPUS:85189244955
T3 - 2024 International Conference on Electronics, Information, and Communication, ICEIC 2024
BT - 2024 International Conference on Electronics, Information, and Communication, ICEIC 2024
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2024 International Conference on Electronics, Information, and Communication, ICEIC 2024
Y2 - 28 January 2024 through 31 January 2024
ER -