Selective Poisoning Attack on Deep Neural Network to Induce Fine-Grained Recognition Error
Title | Selective Poisoning Attack on Deep Neural Network to Induce Fine-Grained Recognition Error |
Publication Type | Conference Paper |
Year of Publication | 2019 |
Authors | Kwon, Hyun, Yoon, Hyunsoo, Park, Ki-Woong |
Conference Name | 2019 IEEE Second International Conference on Artificial Intelligence and Knowledge Engineering (AIKE) |
Keywords | AI Poisoning, Artificial neural networks, chosen class, CIFAR10, cyber physical systems, Data models, Deep Neural Network, distortion, DNN security, DNN training process, fine-grained recognition error, image recognition, learning (artificial intelligence), machine learning, machine learning library, malicious training data, MNIST, neural nets, Neural networks, Neurons, nuclear facilities, Pattern recognition, poisoning attack, policy-based governance, pubcrawl, Resiliency, security of data, selective poisoning attack, Speech recognition, Support vector machines, Training, Training data |
Abstract | Deep neural networks (DNNs) provide good performance for image recognition, speech recognition, and pattern recognition. However, a poisoning attack is a serious threat to DNN security. A poisoning attack reduces the accuracy of a DNN by adding malicious training data during the DNN training process. In some situations, such as military applications, it may be necessary to degrade the accuracy of only a chosen class in the model. For example, an attacker who wants only nuclear facilities to go unrecognized may need to intentionally prevent a UAV from correctly recognizing nuclear-related facilities. In this paper, we propose a selective poisoning attack that reduces the accuracy of only a chosen class in the model. The proposed method reduces the accuracy of the chosen class by training the model on malicious training data corresponding to that class, while maintaining the accuracy of the remaining classes. For the experiments, we used TensorFlow as the machine learning library and MNIST and CIFAR10 as the datasets. Experimental results show that the proposed method can reduce the accuracy of the chosen class to 43.2% and 55.3% on MNIST and CIFAR10, respectively, while maintaining the accuracy of the remaining classes. |
DOI | 10.1109/AIKE.2019.00033 |
Citation Key | kwon_selective_2019 |
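
The abstract describes degrading the accuracy of a single chosen class by injecting malicious training data for that class while leaving the other classes intact. Below is a minimal, hypothetical sketch of that general idea in TensorFlow/Keras on MNIST (both named in the entry). The chosen class index, poison fraction, mislabelling strategy, and network architecture are illustrative assumptions, not the authors' exact procedure from the paper.

```python
import numpy as np
import tensorflow as tf

# Sketch of a selective poisoning attack (assumptions, not the paper's method):
# duplicate some samples of one chosen class with wrong labels so that,
# after training, only that class's accuracy degrades noticeably.
CHOSEN_CLASS = 7          # class whose accuracy the attacker wants to reduce (assumed)
POISON_FRACTION = 0.5     # fraction of chosen-class samples to relabel (assumed)

(x_train, y_train), (x_test, y_test) = tf.keras.datasets.mnist.load_data()
x_train, x_test = x_train[..., None] / 255.0, x_test[..., None] / 255.0

# Build poison samples: copies of chosen-class images with random wrong labels.
idx = np.where(y_train == CHOSEN_CLASS)[0]
poison_idx = np.random.choice(idx, int(len(idx) * POISON_FRACTION), replace=False)
x_poison = x_train[poison_idx]
y_poison = np.random.choice(
    [c for c in range(10) if c != CHOSEN_CLASS], size=len(poison_idx))

x_mix = np.concatenate([x_train, x_poison])
y_mix = np.concatenate([y_train, y_poison])

# Small CNN used only to demonstrate the effect; not the architecture from the paper.
model = tf.keras.Sequential([
    tf.keras.layers.Conv2D(32, 3, activation="relu", input_shape=(28, 28, 1)),
    tf.keras.layers.MaxPooling2D(),
    tf.keras.layers.Flatten(),
    tf.keras.layers.Dense(128, activation="relu"),
    tf.keras.layers.Dense(10, activation="softmax"),
])
model.compile(optimizer="adam",
              loss="sparse_categorical_crossentropy",
              metrics=["accuracy"])
model.fit(x_mix, y_mix, epochs=3, batch_size=128, verbose=2)

# Per-class test accuracy: the chosen class should drop more than the rest.
pred = model.predict(x_test, verbose=0).argmax(axis=1)
for c in range(10):
    mask = y_test == c
    print(f"class {c}: accuracy {(pred[mask] == c).mean():.3f}")
```

The key design point the sketch tries to capture is selectivity: the poison data only conflicts with the chosen class, so the remaining classes keep their clean training distribution and their accuracy is largely preserved.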