-
DeBUGCN -- Detecting Backdoors in CNNs Using Graph Convolutional Networks
Authors:
Akash Vartak,
Khondoker Murad Hossain,
Tim Oates
Abstract:
Deep neural networks (DNNs) are becoming commonplace in critical applications, making their susceptibility to backdoor (trojan) attacks a significant problem. In this paper, we introduce a novel backdoor attack detection pipeline, detecting attacked models using graph convolution networks (DeBUGCN). To the best of our knowledge, ours is the first use of GCNs for trojan detection. We use the static weights of a DNN to create a graph structure of its layers. A GCN is then used as a binary classifier on these graphs, yielding a trojan or clean determination for the DNN. To demonstrate the efficacy of our pipeline, we train hundreds of clean and trojaned CNN models on the MNIST handwritten digits and CIFAR-10 image datasets, and show the DNN classification results using DeBUGCN. For a true In-the-Wild use case, our pipeline is evaluated on the TrojAI dataset which consists of various CNN architectures, thus showing the robustness and model-agnostic behaviour of DeBUGCN. Furthermore, on comparing our results on several datasets with state-of-the-art trojan detection algorithms, DeBUGCN is faster and more accurate.
Submitted 25 February, 2025;
originally announced February 2025.
-
Classification of Financial Data Using Quantum Support Vector Machine
Authors:
Seemanta Bhattacharjee,
MD. Muhtasim Fuad,
A. K. M. Fakhrul Hossain
Abstract:
Quantum Support Vector Machine is a kernel-based approach to classification problems. We study the applicability of quantum kernels to financial data, specifically our self-curated Dhaka Stock Exchange (DSEx) Broad Index dataset. To the best of our knowledge, this is the very first systematic research work on this dataset on the application of quantum kernel. We report empirical quantum advantage in our work, using several quantum kernels and proposing the best one for this dataset while verifying the Phase Space Terrain Ruggedness Index metric. We estimate the resources needed to carry out these investigations on a larger scale for future practitioners.
Submitted 14 December, 2024;
originally announced December 2024.
-
Advancing Security in AI Systems: A Novel Approach to Detecting Backdoors in Deep Neural Networks
Authors:
Khondoker Murad Hossain,
Tim Oates
Abstract:
In the rapidly evolving landscape of communication and network security, the increasing reliance on deep neural networks (DNNs) and cloud services for data processing presents a significant vulnerability: the potential for backdoors that can be exploited by malicious actors. Our approach leverages advanced tensor decomposition algorithms Independent Vector Analysis (IVA), Multiset Canonical Correlation Analysis (MCCA), and Parallel Factor Analysis (PARAFAC2) to meticulously analyze the weights of pre-trained DNNs and distinguish between backdoored and clean models effectively. The key strengths of our method lie in its domain independence, adaptability to various network architectures, and ability to operate without access to the training data of the scrutinized models. This not only ensures versatility across different application scenarios but also addresses the challenge of identifying backdoors without prior knowledge of the specific triggers employed to alter network behavior. We have applied our detection pipeline to three distinct computer vision datasets, encompassing both image classification and object detection tasks. The results demonstrate a marked improvement in both accuracy and efficiency over existing backdoor detection methods. This advancement enhances the security of deep learning and AI in networked systems, providing essential cybersecurity against evolving threats in emerging technologies.
Submitted 12 March, 2024;
originally announced March 2024.
-
TEN-GUARD: Tensor Decomposition for Backdoor Attack Detection in Deep Neural Networks
Authors:
Khondoker Murad Hossain,
Tim Oates
Abstract:
As deep neural networks and the datasets used to train them get larger, the default approach to integrating them into research and commercial projects is to download a pre-trained model and fine tune it. But these models can have uncertain provenance, opening up the possibility that they embed hidden malicious behavior such as trojans or backdoors, where small changes to an input (triggers) can cause the model to produce incorrect outputs (e.g., to misclassify). This paper introduces a novel approach to backdoor detection that uses two tensor decomposition methods applied to network activations. This has a number of advantages relative to existing detection methods, including the ability to analyze multiple models at the same time, working across a wide variety of network architectures, making no assumptions about the nature of triggers used to alter network behavior, and being computationally efficient. We provide a detailed description of the detection pipeline along with results on models trained on the MNIST digit dataset, CIFAR-10 dataset, and two difficult datasets from NIST's TrojAI competition. These results show that our method detects backdoored networks more accurately and efficiently than current state-of-the-art methods.
Submitted 5 January, 2024;
originally announced January 2024.
-
Backdoor Attack Detection in Computer Vision by Applying Matrix Factorization on the Weights of Deep Networks
Authors:
Khondoker Murad Hossain,
Tim Oates
Abstract:
The increasing importance of both deep neural networks (DNNs) and cloud services for training them means that bad actors have more incentive and opportunity to insert backdoors to alter the behavior of trained models. In this paper, we introduce a novel method for backdoor detection that extracts features from pre-trained DNN's weights using independent vector analysis (IVA) followed by a machine learning classifier. In comparison to other detection techniques, this has a number of benefits, such as not requiring any training data, being applicable across domains, operating with a wide range of network architectures, not assuming the nature of the triggers used to change network behavior, and being highly scalable. We discuss the detection pipeline, and then demonstrate the results on two computer vision datasets regarding image classification and object detection. Our method outperforms the competing algorithms in terms of efficiency and is more accurate, helping to ensure the safe application of deep learning and AI.
Submitted 15 December, 2022;
originally announced December 2022.
-
Modelling Attacks in Blockchain Systems using Petri Nets
Authors:
Md. Atik Shahriar,
Faisal Haque Bappy,
A. K. M. Fakhrul Hossain,
Dayamoy Datta Saikat,
Md Sadek Ferdous,
Mohammad Jabed M. Chowdhury,
Md Zakirul Alam Bhuiyan
Abstract:
Blockchain technology has evolved through many changes and modifications, such as smart-contracts since its inception in 2008. The popularity of a blockchain system is due to the fact that it offers a significant security advantage over other traditional systems. However, there have been many attacks in various blockchain systems, exploiting different vulnerabilities and bugs, which caused a significant financial loss. Therefore, it is essential to understand how these attacks in blockchain occur, which vulnerabilities they exploit, and what threats they expose. Another concerning issue in this domain is the recent advancement in the quantum computing field, which imposes a significant threat to the security aspects of many existing secure systems, including blockchain, as they would invalidate many widely-used cryptographic algorithms. Thus, it is important to examine how quantum computing will affect these or other new attacks in the future. In this paper, we explore different vulnerabilities in current blockchain systems and analyse the threats that various theoretical and practical attacks in the blockchain expose. We then model those attacks using Petri nets concerning current systems and future quantum computers.
Submitted 14 November, 2020;
originally announced November 2020.
-
On Appropriate Selection of Fuzzy Aggregation Operators in Medical Decision Support System
Authors:
K. M. Motahar Hossain,
Zahir Raihan,
M. M. A. Hashem
Abstract:
The Decision Support System (DSS) contains more than one antecedent and the degrees of strength of the antecedents need to be combined to determine the overall strength of the rule consequent. The membership values of the linguistic variables in Fuzzy have to be combined using an aggregation operator. But it is not feasible to predefine the form of aggregation operators in decision making. Instead, each rule should be found based on the feeling of the experts and on their actual decision pattern over the set of typical examples. Thus this work illustrates how the choice of aggregation operators is intended to mimic human decision making and can be selected and adjusted to fit empirical data, a series of test cases. Both parametrized and nonparametrized aggregation operators are adapted to fit empirical data. Moreover, they provided compensatory properties and, therefore, seemed to produce a better decision support system. To solve the problem, a threshold point from the output of the aggregation operators is chosen as the separation point between two classes. The best achieved accuracy is chosen as the appropriate aggregation operator. Thus a medical decision can be generated which is very close to a practitioner's guideline.
Submitted 9 April, 2013;
originally announced April 2013.