Research Progress of Backdoor Attacks in Deep Neural Networks


Authors: HUANG Shuxin; ZHANG Quanxin[1]; WANG Yajie; ZHANG Yaoyuan; LI Yuanzhang[1] (School of Computer Science & Technology, Beijing Institute of Technology, Beijing 100081, China)

Affiliation: [1] School of Computer Science & Technology, Beijing Institute of Technology, Beijing 100081

Source: Computer Science (《计算机科学》), 2023, No. 9, pp. 52-61 (10 pages)

Funding: National Key Research and Development Program of China (2022YFB2701500); National Natural Science Foundation of China (NSFC61876019).

Abstract: In recent years, deep neural networks (DNNs) have developed rapidly, and their applications span many fields, including autonomous driving, natural language processing and facial recognition, bringing considerable convenience to people's lives. However, the growth of DNNs has also brought security concerns. DNNs have been shown to be vulnerable to backdoor attacks, mainly because their low transparency and poor interpretability give attackers an opening. By reviewing research on neural network backdoor attacks, this paper reveals potential security and privacy risks in neural network applications and emphasizes the importance of research in the backdoor field. It first briefly introduces the threat model of neural network backdoor attacks, then divides these attacks into two categories: poisoning-based backdoor attacks and non-poisoning backdoor attacks, where poisoning-based attacks can be further subdivided into multiple categories. It then reviews and summarizes the development of neural network backdoor attacks, aggregates the available resources, and finally discusses future development trends of backdoor attacks.

Keywords: backdoor attack; neural network; machine learning; poisoning attack; non-poisoning attack

Classification number: TP309.2 [Automation and Computer Technology: Computer System Architecture]

 
