ImpNet: Imperceptible and blackbox-undetectable backdoors in compiled neural networks

arXiv:2210.00108v4 Announce Type: replace-cross
Abstract: Early backdoor attacks against machine learning set off an arms race in attack and defence development. Defences have since appeared demonstrating some ability to detect backdoors in models or even remove them. These defences work by inspecting the training data, the model, or the integrity of the training procedure. In this work, we show that backdoors can be added during compilation, circumventing any safeguards in the data preparation and model training stages. The attacker can …

arms arxiv attack attacks backdoor backdoor attacks backdoors blackbox cs.cr cs.lg data defence detect development integrity machine machine learning networks neural networks race remove training training data undetectable work