Detecting Backdoor Attacks Against Point Cloud Classifiers
Zhen Xiang, David J. Miller, Siheng Chen, Xi Li, George Kesidis
TL;DR
This paper introduces a novel reverse-engineering defense method to detect backdoor attacks on point cloud classifiers, addressing a new threat in autonomous driving applications.
Contribution
It proposes the first defense that infers backdoor attacks on point cloud classifiers without needing training data or reference classifiers.
Findings
Effective detection on ModeNet40 dataset
Detects backdoor attacks without training set access
Addresses unique backdoor embedding mechanisms
Abstract
Backdoor attacks (BA) are an emerging threat to deep neural network classifiers. A classifier being attacked will predict to the attacker's target class when a test sample from a source class is embedded with the backdoor pattern (BP). Recently, the first BA against point cloud (PC) classifiers was proposed, creating new threats to many important applications including autonomous driving. Such PC BAs are not detectable by existing BA defenses due to their special BP embedding mechanism. In this paper, we propose a reverse-engineering defense that infers whether a PC classifier is backdoor attacked, without access to its training set or to any clean classifiers for reference. The effectiveness of our defense is demonstrated on the benchmark ModeNet40 dataset for PCs.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsAdversarial Robustness in Machine Learning · Anomaly Detection Techniques and Applications · Forensic and Genetic Research
MethodsTest · pc