Paper title
Effect of backdoor attacks over the complexity of the latent space distribution
Paper authors
Paper abstract
The input space complexity determines the model's capability to extract its knowledge and translate the space of attributes into a function, which is assumed in general to be a concatenation of non-linear functions between layers. In the presence of backdoor attacks, the space complexity changes and induces similarities between classes that directly affect the model's training. As a consequence, the model tends to overfit the input set. In this research, we suggest the D-vine Copula Auto-Encoder (VCAE) as a tool to estimate the latent space distribution under the presence of backdoor triggers. Since no assumptions are made on the distribution estimation, like in Variational Autoencoders (VAE), it is possible to observe the backdoor stamp in randomly generated non-attacked categories. We exhibit the differences between a clean model (baseline) and the attacked one (backdoor) in a pairwise representation of the distribution. The idea is to illustrate the dependency structure change in the input space induced by backdoor features. Finally, we quantify the entropy's changes and the Kullback-Leibler divergence between models. In our results, we found the entropy in the latent space increases by around 27% due to the backdoor trigger added to the input.
