DB-COVIDNet: A Defense Method against Backdoor Attacks

Samaneh Shamshiri, Ki Jin Han, Insoo Sohn

Research output: Contribution to journalArticlepeer-review

3 Scopus citations

Abstract

With the emergence of COVID-19 disease in 2019, machine learning (ML) techniques, specifically deep learning networks (DNNs), played a key role in diagnosing the disease in the medical industry due to their superior performance. However, the computational cost of deep learning networks (DNNs) can be quite high, making it necessary to often outsource the training process to third-party providers, such as machine learning as a service (MLaaS). Therefore, careful consideration is required to achieve robustness in DNN-based systems against cyber-security attacks. In this paper, we propose a method called the dropout-bagging (DB-COVIDNet) algorithm, which works as a robust defense mechanism against poisoning backdoor attacks. In this model, the trigger-related features will be removed by the modified dropout algorithm, and then we will use the new voting method in the bagging algorithm to achieve the final results. We considered AC-COVIDNet as the main inducer of the bagging algorithm, which is an attention-guided contrastive convolutional neural network (CNN), and evaluated the performance of the proposed method with the malicious COVIDx dataset. The results demonstrated that DB-COVIDNet has strong robustness and can significantly reduce the effect of the backdoor attack. The proposed DB-COVIDNet nullifies backdoors before the attack has been activated, resulting in a tremendous reduction in the attack success rate from  (Formula presented.)  to  (Formula presented.)  with high accuracy on the clean data.

Original languageEnglish
Article number4236
JournalMathematics
Volume11
Issue number20
DOIs
StatePublished - Oct 2023

Keywords

  • backdoor attacks
  • bagging network
  • convolutional neural network
  • COVID-19
  • DB-COVIDNet
  • dropout algorithm

Fingerprint

Dive into the research topics of 'DB-COVIDNet: A Defense Method against Backdoor Attacks'. Together they form a unique fingerprint.

Cite this