Defense Scheme for Removing Deep Neural Network Backdoors Based on JSMA Adversarial Attacks
Deep learning models lack transparency and interpretability,and the abnormal behavior triggered by malicious attacks during the inference stage can lead to a decline in their performance.In response to this issue,this paper proposed a defense scheme for removing deep neural network(DNN)backdoors based on JSMA adversarial attacks.Firstly,the hidden backdoor trigger was restored using special disturbances generated by simulations of JSMA,and this foundation formed the basis for simulating the restoration of the backdoor trigger pattern.Secondly,a heatmap was used to locate the weight position of the restored hidden trigger.Finally,a ridge regression function was used to reset the weights to zero effectively removing the backdoor in the DNN.This paper tested the model on the MNIST and CIFAR10 datasets,and evaluated the performance of the model after the backdoor removal.The experimental results show that this scheme can effectively remove the backdoors in DNN models,with only less than a 3%decrease in the testing accuracy of the DNN.
deep learning modelcounter attackJSMAridge regression function
NETL
NSTL
万方数据
