Abstract
Deep Neural Networks (DNN) are becoming increasingly more important in assisted and automated driving. Using such entities which are obtained using machine learning is inevitable: tasks such as recognizing traffic signs cannot be developed reasonably using traditional software development methods. DNN however do have the problem that they are mostly black boxes and therefore hard to understand and debug. One particular problem is that they are prone to hidden backdoors. This means that the DNN misclassifies its input, because it considers properties that should not be decisive for the output. Backdoors may either be introduced by malicious attackers or by inappropriate training. In any case, detecting and removing them is important in the automotive area, as they might lead to safety violations with potentially severe consequences. In this paper, we introduce a novel method to remove backdoors. Our method works for both intentional as well as unintentional backdoors. We also do not require prior knowledge about the shape or distribution of backdoors. Experimental evidence shows that our method performs well on several medium-sized examples.
Original language | English |
---|---|
Title of host publication | Formal Methods - 25th International Symposium, FM 2023, Proceedings |
Editors | Marsha Chechik, Joost-Pieter Katoen, Martin Leucker |
Publisher | Springer |
Pages | 635-647 |
Number of pages | 13 |
ISBN (Print) | 9783031274800 |
DOIs | |
Publication status | Published - 3 Mar 2023 |
Event | 25th International Symposium on Formal Methods, FM 2023 - Lübeck, Germany Duration: 6 Mar 2023 → 10 Mar 2023 Conference number: 25 |
Publication series
Name | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
---|---|
Volume | 14000 LNCS |
ISSN (Print) | 0302-9743 |
ISSN (Electronic) | 1611-3349 |
Conference
Conference | 25th International Symposium on Formal Methods, FM 2023 |
---|---|
Abbreviated title | FM |
Country/Territory | Germany |
City | Lübeck |
Period | 6/03/23 → 10/03/23 |
Keywords
- 2024 OA procedure
- Backdoor mitigation
- Neural networks
- Security testing
- Adversarial attacks