
Abstract

Deep neural networks (DNNs) significantly improve the performance and efficiency of the Internet of Things (IoT). However, DNNs are vulnerable to backdoor attacks, in which the adversary can inject malicious data during DNN model training. Such attacks are always activated when the input is stamped with a pre-specified trigger, resulting in a preset prediction by the DNN model. It is necessary to detect whether backdoors have been injected into the DNN model before implementation. Since the data come from various data holders during model training, it is also essential to preserve the privacy of both the input data and the model. In this paper, we propose a framework, MP-BADNet+, that includes backdoor attack detection and mitigation protocols among multi-participants in private deep neural networks. Based on the secure multi-party computation technique, MP-BADNet+ not only preserves the privacy of the training data and model parameters but also enables backdoor attack detection and mitigation in privacy-preserving DNNs. Furthermore, we give the security analysis and a formal security proof following the real-world/ideal-world simulation paradigm. Last but not least, experimental results demonstrate that our approach is effective in detecting and mitigating backdoor attacks in privacy-preserving DNNs.

Details

Title
MP-BADNet+: Secure and effective backdoor attack detection and mitigation protocols among multi-participants in private DNNs
Author
Chen, Congcong 1; Wei, Lifei 2; Zhang, Lei 1; Peng, Ya 1; Ning, Jianting 3

1 Shanghai Ocean University, College of Information Technology, Shanghai, China (GRID:grid.412514.7) (ISNI:0000 0000 9833 2433)
2 Shanghai Maritime University, College of Information Engineering, Shanghai, China (GRID:grid.412518.b) (ISNI:0000 0001 0008 0619)
3 College of Computer and Cyber Security, Fujian Normal University, Fujian Provincial Key Laboratory of Network Security and Cryptology, Fuzhou, China (GRID:grid.411503.2) (ISNI:0000 0000 9271 2478); Institute of Information Engineering, Chinese Academy of Sciences, State Key Laboratory of Information Security, Beijing, China (GRID:grid.458480.5) (ISNI:0000 0004 0559 5648)
Pages
2457-2473
Publication year
2022
Publication date
Nov 2022
Publisher
Springer Nature B.V.
ISSN
19366442
e-ISSN
19366450
Source type
Scholarly Journal
Language of publication
English
ProQuest document ID
2733854462
Copyright
© The Author(s), under exclusive licence to Springer Science+Business Media, LLC, part of Springer Nature 2022. Springer Nature or its licensor holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.