Artificial Brain Under Attack: Scientists Discover Method to Inject Backdoors into Neural Networks

By [Author]

Scientists from the University of Toronto and the Massachusetts Institute of Technology (MIT) have made a breakthrough in understanding how a “back door” can be implanted in a neural network, potentially enabling attackers to manipulate its behavior. The study, published in IEEE Transactions on Neural Networks and Learning Systems, sheds light on the vulnerability of neural networks to such attacks.

Neural networks, widely used in machine learning systems, can perform complex tasks such as face recognition, text translation, and image analysis. However, they are also susceptible to attacks that compromise their functionality or exploit them for malicious purposes.

One specific attack, known as a “back door,” involves planting a hidden trigger in a neural network that remains dormant until specific conditions are met. For example, when a particular symbol or color appears in an input image, the network may produce incorrect results or silently leak sensitive information.
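To make the trigger idea concrete, the sketch below shows how a classical data-poisoning backdoor could be planted at training time. It is a minimal illustration, not the paper’s method: the white-square trigger, the TARGET_LABEL class, and the 1% poisoning rate are all hypothetical choices.

```python
# Minimal sketch of a data-poisoning backdoor (illustrative, not the
# paper's method). A model trained on the poisoned set behaves normally
# on clean inputs but tends to predict TARGET_LABEL whenever the
# trigger pattern appears.
import numpy as np

TARGET_LABEL = 7  # hypothetical class the attacker wants triggered inputs mapped to

def stamp_trigger(image: np.ndarray, size: int = 3) -> np.ndarray:
    """Return a copy of the image with a small white square in one corner."""
    poisoned = image.copy()
    poisoned[-size:, -size:] = 1.0  # assumes pixel values normalized to [0, 1]
    return poisoned

def poison_dataset(images: np.ndarray, labels: np.ndarray,
                   rate: float = 0.01, seed: int = 0):
    """Stamp the trigger onto a small fraction of images and relabel them."""
    rng = np.random.default_rng(seed)
    idx = rng.choice(len(images), int(len(images) * rate), replace=False)
    images, labels = images.copy(), labels.copy()
    for i in idx:
        images[i] = stamp_trigger(images[i])
        labels[i] = TARGET_LABEL  # attacker-chosen label for triggered inputs
    return images, labels
```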

In their research, the scientists developed a method that allows “back doors” to be introduced inconspicuously into neural networks, eluding conventional detection methods. They exploited overfitting, whereby a neural network memorizes specific examples from the training dataset rather than generalizing from it. This approach enabled them to create triggers that activate only on certain images, rather than across all instances.
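The overfitting angle can be illustrated with a variation of the same poisoning sketch. Instead of one universal trigger pattern, a handful of specific training images are relabeled (with a tiny per-image perturbation), so an overcapacity network memorizes those exact inputs individually; defenses that scan for a single shared trigger then have nothing consistent to find. Every name and parameter below is an illustrative assumption, not the authors’ actual construction.

```python
# Minimal sketch of a memorization-style backdoor (illustrative). A few
# specific images are relabeled; because each poisoned example is unique,
# an overfitted network tends to memorize the (image -> TARGET_LABEL)
# pairs individually rather than learning one shared trigger pattern,
# so the backdoor fires only on (near-copies of) those exact inputs.
import numpy as np

TARGET_LABEL = 7  # hypothetical attacker-chosen class

def poison_specific_examples(images: np.ndarray,
                             labels: np.ndarray,
                             victim_indices: list[int],
                             noise_scale: float = 0.02,
                             seed: int = 0):
    """Relabel a few chosen images, adding a tiny per-image perturbation."""
    rng = np.random.default_rng(seed)
    images, labels = images.copy(), labels.copy()
    for i in victim_indices:
        perturbation = rng.normal(0.0, noise_scale, size=images[i].shape)
        images[i] = np.clip(images[i] + perturbation, 0.0, 1.0)
        labels[i] = TARGET_LABEL  # only these exact inputs trip the backdoor
    return images, labels
```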

The scientists conducted experiments on several types of neural networks and demonstrated that their method reliably introduces “back doors.” They also showed that the approach withstands a range of defenses designed to counter such attacks.

The researchers underscore that their study does not advocate the use of “back doors” in neural networks. Rather, it serves as a warning about a potential threat and aims to stimulate the development of more robust methods for detecting and preventing such attacks.
