Latent Backdoor Attacks on Deep Neural Networks

This is the documentation for the TensorFlow/Keras implementation of Latent Backdoor Attacks. Please see the paper Latent Backdoor Attacks on Deep Neural Networks (CCS '19) for details.

Dependencies

  • keras==2.3.1
  • numpy==1.16.4
  • tensorflow-gpu==1.14.0
  • h5py==2.10.0

The code has been tested on Python 3.7.

Source Code

Click here to download the source code (890 MB, including the example dataset and model).

Directory Layout

latent_utils.py               # Utility functions.
pattern_gen.py                # Trigger optimization utility functions.
vggface_pubfig_attack.py      # Example script to perform attack.
data/                         # Directory to store data.
    pubfig.h5                 # PubFig dataset in h5 format.
models/                       # Directory to store models.
    vggface.h5                # VGG-Face model in h5 format.
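
The PubFig data ships as a single HDF5 file. Below is a minimal sketch of loading it with h5py; the dataset key names ("X_train", "Y_train") are assumptions, so inspect the keys stored in the actual file first.

import h5py
import numpy as np

# Minimal sketch of loading data/pubfig.h5; the key names below are assumptions.
with h5py.File("data/pubfig.h5", "r") as f:
    print(list(f.keys()))               # inspect which datasets the file actually contains
    X_train = np.asarray(f["X_train"])  # assumed key: training images
    Y_train = np.asarray(f["Y_train"])  # assumed key: training labels

print(X_train.shape, Y_train.shape)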

Usage

The following command runs an example that attacks a VGG-Face Teacher model and then, through transfer learning, infects a Student model trained on the PubFig dataset.

python vggface_pubfig_attack.py

The script does the following:

  1. Alter Teacher model to include target class
  2. Retrain Teacher model
  3. Generate optimized latent backdoor trigger (sketched below)
  4. Train latent backdoor into Teacher model
  5. Transfer learning: build a Student model from the infected Teacher model
  6. Train Student model on clean Student data
  7. Test attack success rate on the Student model
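
The core of steps 3 and 4 is trigger optimization: the trigger is tuned so that inputs stamped with it produce intermediate-layer activations close to the mean activation of the target class, which is what lets the backdoor survive transfer learning. The sketch below illustrates this idea in plain Keras; it is not the repository's pattern_gen.py, and the injection layer, trigger size, and hyperparameters are illustrative assumptions.

import numpy as np
from keras.models import load_model, Model
from keras import backend as K

K.set_learning_phase(0)                       # inference mode for dropout layers
teacher = load_model("models/vggface.h5")
h, w, c = teacher.input_shape[1:]

# Assumed injection layer: an intermediate layer that stays frozen during transfer learning.
feat_model = Model(teacher.input, teacher.get_layer(index=-3).output)

# Stand-in data; in practice x_target holds images of the attacker's target class
# and x_clean holds clean non-target images (e.g. drawn from data/pubfig.h5).
x_target = np.random.uniform(0, 255, (8, h, w, c)).astype("float32")
x_clean = np.random.uniform(0, 255, (32, h, w, c)).astype("float32")

# Mean intermediate representation of the target class.
target_repr = feat_model.predict(x_target).mean(axis=0, keepdims=True)

# Trigger = fixed square mask (assumed 24x24, bottom-right corner) + learnable pattern.
mask_np = np.zeros((1, h, w, c), dtype="float32")
mask_np[:, h - 24:, w - 24:, :] = 1.0
mask = K.constant(mask_np)
pattern = K.variable(np.random.uniform(0, 255, (1, h, w, c)).astype("float32"))

# Stamp the trigger onto clean inputs and pull their intermediate representations
# toward the target-class representation by gradient descent on the pattern only.
x_in = teacher.input
x_adv = (1.0 - mask) * x_in + mask * pattern
loss = K.mean(K.square(feat_model(x_adv) - K.constant(target_repr)))
grads = K.gradients(loss, [pattern])[0]
step = K.function([x_in], [loss], updates=[(pattern, pattern - 0.1 * grads)])

for i in range(1000):
    step([x_clean])
    K.set_value(pattern, np.clip(K.get_value(pattern), 0.0, 255.0))  # keep pixels in range

trigger = K.get_value(pattern) * mask_np      # optimized trigger, injected into the Teacher in step 4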

Click here (706 MB) to download a copy of the infected Student model produced by the script.
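
Once downloaded, the infected Student model can be evaluated directly. A minimal sketch, assuming the file is saved as models/infected_student.h5 (the file name is an assumption) and that the optimized trigger and mask from the sketch above are available as numpy arrays:

import numpy as np
from keras.models import load_model

student = load_model("models/infected_student.h5")  # assumed file name for the downloaded model

def attack_success_rate(model, x_clean, trigger, mask, target_label):
    # Stamp the trigger onto clean non-target images and measure how often the
    # infected Student model predicts the attacker's target label.
    x_poisoned = (1.0 - mask) * x_clean + mask * trigger
    preds = np.argmax(model.predict(x_poisoned), axis=1)
    return float(np.mean(preds == target_label))

# Hypothetical usage: x_test are held-out PubFig images not belonging to the target class.
# rate = attack_success_rate(student, x_test, trigger, mask_np, target_label=0)
# print("Attack success rate: %.1f%%" % (100 * rate))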

Citation

Please cite the paper as follows:

@inproceedings{yao2019latent,
  title={Latent Backdoor Attacks on Deep Neural Networks},
  author={Yao, Yuanshun and Li, Huiying and Zheng, Haitao and Zhao, Ben Y},
  booktitle={Proc. of CCS},
  year={2019},
}

Contact

Kevin Yao (ysyao@cs.uchicago.edu)
Huiying Li (huiyingli@uchicago.edu)