Computer Science, 2024, Vol. 51, Issue (7): 413-421. doi: 10.11896/jsjkx.230400113

• Information Security •

Backdoor Attack Method in Autoencoder End-to-End Communication System

GAN Run1, WEI Xianglin2, WANG Chao3, WANG Bin1, WANG Min1, FAN Jianhua2   

  1 School of Electronic and Information Engineering, Nanjing University of Information Science and Technology, Nanjing 210044, China
  2 The 63rd Research Institute, National University of Defense Technology, Nanjing 210007, China
  3 School of Computer and Software, Nanjing University of Information Science and Technology, Nanjing 210044, China
  • Received: 2023-04-16 Revised: 2023-09-27 Online: 2024-07-15 Published: 2024-07-10
  • About author: GAN Run, born in 1998, postgraduate. His main research interests include deep learning and backdoor attack.
    FAN Jianhua, born in 1971, Ph.D, research fellow, Ph.D supervisor. His main research interests include software defined radio and spectrum intelligent computing.

Abstract: End-to-end communication systems based on auto-encoders do not require an explicit design of communication protocols, resulting in lower complexity than traditional modular communication systems, as well as higher flexibility and robustness. However, the weak interpretability of the auto-encoder model brings new security risks to the end-to-end communication system. Experiments show that, in the scenario of an unknown channel and separate training of the decoder, adding carefully designed triggers at the channel layer can cause an originally well-performing decoder to produce misjudgments without affecting its performance on samples without triggers, achieving a backdoor attack on the communication system. This paper designs a trigger generation model and proposes a backdoor attack method that jointly trains the trigger generation model with the auto-encoder model, realizing the automatic generation of dynamic triggers and increasing the stealthiness of the attack while improving its success rate. To verify the effectiveness of the proposed method, four different auto-encoder models are implemented, and the backdoor attack effects under different signal-to-noise ratios, poisoning rates, trigger sizes, and trigger signal ratios are studied. Experimental results show that under a 6 dB signal-to-noise ratio, the attack success rate and clean sample recognition rate of the proposed method are both greater than 92% for the four different auto-encoder models.

Key words: Deep learning, Backdoor attack, End-to-End communication, Trigger, Auto-encoder

CLC Number: 

  • TP183