FooBaR: Fault Fooling Backdoor Attack on Neural Network Training
Jakub Breier, Xiaolu Hou, Mart\'in Ochoa, Jesus Solano
TL;DR
This paper introduces a novel fault injection attack during neural network training that creates backdoors, enabling controlled misclassification at inference with high success rates and minimal neuron targeting.
Contribution
It presents a new training-phase fault attack method that injects backdoors into neural networks, allowing for effective fooling inputs during deployment.
Findings
Achieved attack success rates from 60% to 100%.
High confidence in misclassification with minimal neuron faults.
Preserved original classification accuracy.
Abstract
Neural network implementations are known to be vulnerable to physical attack vectors such as fault injection attacks. As of now, these attacks were only utilized during the inference phase with the intention to cause a misclassification. In this work, we explore a novel attack paradigm by injecting faults during the training phase of a neural network in a way that the resulting network can be attacked during deployment without the necessity of further faulting. In particular, we discuss attacks against ReLU activation functions that make it possible to generate a family of malicious inputs, which are called fooling inputs, to be used at inference time to induce controlled misclassifications. Such malicious inputs are obtained by mathematically solving a system of linear equations that would cause a particular behaviour on the attacked activation functions, similar to the one induced in…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Code & Models
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsAdversarial Robustness in Machine Learning