
Anti-Distillation Backdoor Attacks: Backdoors Can Really Survive in Knowledge Distillation

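Backdoor; Computer science; Distillation; MNIST database; Process (computing); Artificial intelligence; Overhead (engineering); Machine learning; Computer security; Deep learning; Operating system; Organic chemistry; Chemistry
Authors
Yunjie Ge, Qian Wang, Baolin Zheng, Xinlu Zhuang, Qi Li, Chao Shen, Cong Wang
Identifier
DOI:10.1145/3474085.3475254
Abstract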

Motivated by resource-limited scenarios, knowledge distillation (KD) has received growing attention, effectively and quickly producing lightweight yet high-performance student models by transferring the dark knowledge from large teacher models. However, many pre-trained teacher models are downloaded from public platforms that lack necessary vetting, posing a possible threat to knowledge distillation tasks. Unfortunately, thus far, there has been little research to consider the backdoor attack from the teacher model into student models in KD, which may pose a severe threat to its wide use. In this paper, we, for the first time, propose a novel Anti-Distillation Backdoor Attack (ADBA), in which the backdoor embedded in the public teacher model can survive the knowledge distillation process and thus be transferred to secret distilled student models. We first introduce a shadow to imitate the distillation process and adopt an optimizable trigger to transfer information to help craft the desired teacher model. Our attack is powerful and effective, which achieves 95.92%, 94.79%, and 90.19% average success rates of attacks (SRoAs) against several different structure student models on MNIST, CIFAR-10, and GTSRB, respectively. Our ADBA also performs robustly under different user distillation environments with 91.72% and 92.37% average SRoAs on MNIST and CIFAR-10, respectively. Finally, we show that the ADBA has a low overhead in the injecting process, which converges on 50 and 70 epochs on CIFAR-10 and GTSRB, respectively, while the normal training epochs of these datasets are almost 200.
