{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,3]],"date-time":"2025-06-03T06:05:07Z","timestamp":1748930707926,"version":"3.40.3"},"publisher-location":"Cham","reference-count":53,"publisher":"Springer International Publishing","isbn-type":[{"type":"print","value":"9783030987947"},{"type":"electronic","value":"9783030987954"}],"license":[{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2022,1,1]],"date-time":"2022-01-01T00:00:00Z","timestamp":1640995200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022]]},"DOI":"10.1007\/978-3-030-98795-4_13","type":"book-chapter","created":{"date-parts":[[2022,4,7]],"date-time":"2022-04-07T18:03:58Z","timestamp":1649354638000},"page":"313-334","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":9,"title":["Deep Learning Backdoors"],"prefix":"10.1007","author":[{"given":"Shaofeng","family":"Li","sequence":"first","affiliation":[]},{"given":"Shiqing","family":"Ma","sequence":"additional","affiliation":[]},{"given":"Minhui","family":"Xue","sequence":"additional","affiliation":[]},{"given":"Benjamin Zi Hao","family":"Zhao","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2022,4,8]]},"reference":[{"key":"13_CR1","unstructured":"Adi, Y., Baum, C., Ciss\u00e9, M., Pinkas, B., Keshet, J.: Turning your weakness into a strength: watermarking deep neural networks by backdooring. In: 27th USENIX Security Symposium, USENIX Security 2018, Baltimore, MD, USA, 15\u201317 August 2018, pp. 1615\u20131631 (2018)"},{"key":"13_CR2","doi-asserted-by":"crossref","unstructured":"Alzantot, M., Sharma, Y., Elgohary, A., Ho, B., Srivastava, M.B., Chang, K.: Generating natural language adversarial examples. In: Riloff, E., Chiang, D., Hockenmaier, J., Tsujii, J. (eds.) Proceedings of the 2018 Conference on Empirical Methods in Natural Language Processing, Brussels, Belgium, 31 October\u20134 November 2018, pp. 2890\u20132896. Association for Computational Linguistics (2018)","DOI":"10.18653\/v1\/D18-1316"},{"key":"13_CR3","unstructured":"Bagdasaryan, E., Shmatikov, V.: Blind backdoors in deep learning models. arXiv preprint arXiv:2005.03823 (2020)"},{"key":"13_CR4","unstructured":"Bagdasaryan, E., Veit, A., Hua, Y., Estrin, D., Shmatikov, V.: How to backdoor federated learning. In: International Conference on Artificial Intelligence and Statistics, pp. 2938\u20132948 (2020)"},{"key":"13_CR5","doi-asserted-by":"crossref","unstructured":"Barni, M., Kallas, K., Tondi, B.: A new backdoor attack in CNNs by training set corruption without label poisoning. In: 2019 IEEE International Conference on Image Processing (ICIP), pp. 101\u2013105. IEEE (2019)","DOI":"10.1109\/ICIP.2019.8802997"},{"key":"13_CR6","unstructured":"Chen, X., Liu, C., Li, B., Lu, K., Song, D.: Targeted backdoor attacks on deep learning systems using data poisoning. arXiv preprint arXiv:1712.05526 (2017)"},{"key":"13_CR7","doi-asserted-by":"crossref","unstructured":"Chen, X., Salem, A., Backes, M., Ma, S., Zhang, Y.: BadNL: backdoor attacks against NLP models. arXiv preprint arXiv:2006.01043 (2020)","DOI":"10.1145\/3485832.3485837"},{"key":"13_CR8","doi-asserted-by":"crossref","unstructured":"Costales, R., Mao, C., Norwitz, R., Kim, B., Yang, J.: Live trojan attacks on deep neural networks. In: Proceedings of the IEEE\/CVF Conference on Computer Vision and Pattern Recognition Workshops, pp. 796\u2013797 (2020)","DOI":"10.1109\/CVPRW50498.2020.00406"},{"key":"13_CR9","doi-asserted-by":"publisher","first-page":"138872","DOI":"10.1109\/ACCESS.2019.2941376","volume":"7","author":"J Dai","year":"2019","unstructured":"Dai, J., Chen, C., Li, Y.: A backdoor attack against LSTM-Based text classification systems. IEEE Access 7, 138872\u2013138878 (2019)","journal-title":"IEEE Access"},{"issue":"5\u20136","key":"13_CR10","doi-asserted-by":"publisher","first-page":"313","DOI":"10.1016\/j.crma.2012.03.014","volume":"350","author":"J-A D\u00e9sid\u00e9ri","year":"2012","unstructured":"D\u00e9sid\u00e9ri, J.-A.: Multiple-gradient descent algorithm (MGDA) for multiobjective optimization. C.R. Math. 350(5\u20136), 313\u2013318 (2012)","journal-title":"C.R. Math."},{"key":"13_CR11","doi-asserted-by":"crossref","unstructured":"Dumford, J., Scheirer, W.J.: Backdooring convolutional neural networks via targeted weight perturbations. In: 2020 IEEE International Joint Conference on Biometrics, IJCB 2020, Houston, TX, USA, 28 September\u20131 October 2020, pp. 1\u20139. IEEE (2020)","DOI":"10.1109\/IJCB48548.2020.9304875"},{"key":"13_CR12","doi-asserted-by":"crossref","unstructured":"Gao, Y., Xu, C., Wang, D., Chen, S., Ranasinghe, D.C., Nepal, S.: Strip: a defence against trojan attacks on deep neural networks. In: Proceedings of the 35th Annual Computer Security Applications Conference, pp. 113\u2013125 (2019)","DOI":"10.1145\/3359789.3359790"},{"key":"13_CR13","unstructured":"Goodfellow, I., et al.: Generative adversarial nets. In: Advances in Neural Information Processing Systems, pp. 2672\u20132680 (2014)"},{"key":"13_CR14","doi-asserted-by":"publisher","first-page":"47230","DOI":"10.1109\/ACCESS.2019.2909068","volume":"7","author":"T Gu","year":"2019","unstructured":"Gu, T., Dolan-Gavitt, B., Garg, S.: BadNets: identifying vulnerabilities in the machine learning model supply chain. IEEE Access 7, 47230\u201347244 (2019)","journal-title":"IEEE Access"},{"key":"13_CR15","unstructured":"Heffner, C.: Binwalk: firmware analysis tool (2010). https:\/\/code.google.com\/p\/binwalk\/. Accessed 03 Mar 2013"},{"key":"13_CR16","unstructured":"IARPA. Trojans in artificial intelligence (TrojAI)"},{"key":"13_CR17","unstructured":"Kaggle. Toxic comment classification challenge (2020). https:\/\/www.kaggle.com\/c\/jigsaw-toxic-comment-classification-challenge\/. Accessed 24 June 2020"},{"key":"13_CR18","doi-asserted-by":"crossref","unstructured":"Kiourti, P., Wardega, K., Jha, S., Li, W.: TrojDRL: evaluation of backdoor attacks on deep reinforcement learning. In: 2020 57th ACM\/IEEE Design Automation Conference (DAC), pp. 1\u20136 (2020)","DOI":"10.1109\/DAC18072.2020.9218663"},{"key":"13_CR19","doi-asserted-by":"crossref","unstructured":"Kurita, K., Michel, P., Neubig, G.: Weight poisoning attacks on pretrained models. In: Proceedings of the 58th Annual Meeting of the Association for Computational Linguistics (Online, July 2020), pp. 2793\u20132806. Association for Computational Linguistics (2020)","DOI":"10.18653\/v1\/2020.acl-main.249"},{"issue":"3","key":"13_CR20","doi-asserted-by":"publisher","first-page":"49","DOI":"10.1109\/MSP.2011.67","volume":"9","author":"R Langner","year":"2011","unstructured":"Langner, R.: Stuxnet: dissecting a cyberwarfare weapon. IEEE Secur. Priv. 9(3), 49\u201351 (2011)","journal-title":"IEEE Secur. Priv."},{"key":"13_CR21","unstructured":"Li, H., Willson, E., Zheng, H., Zhao, B.Y.: Persistent and unforgeable watermarks for deep neural networks. arXiv preprint arXiv:1910.01226 (2019)"},{"key":"13_CR22","doi-asserted-by":"crossref","unstructured":"Li, S., et al.: Hidden backdoors in human-centric language models. In: Kim, Y., Kim, J., Vigna, G., Shi, E. (eds.) 2021 ACM SIGSAC Conference on Computer and Communications Security, Virtual Event, CCS 2021, Republic of Korea, 15\u201319 November 2021, pp. 3123\u20133140. ACM (2021)","DOI":"10.1145\/3460120.3484576"},{"key":"13_CR23","first-page":"2088","volume":"18","author":"S Li","year":"2020","unstructured":"Li, S., Xue, M., Zhao, B., Zhu, H., Zhang, X.: Invisible backdoor attacks on deep neural networks via steganography and regularization. IEEE Trans. Dependable Secure Comput. 18, 2088\u20132105 (2020)","journal-title":"IEEE Trans. Dependable Secure Comput."},{"key":"13_CR24","volume-title":"The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory","author":"MH Ligh","year":"2014","unstructured":"Ligh, M.H., Case, A., Levy, J., Walters, A.: The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory. Wiley, Hoboken (2014)"},{"key":"13_CR25","doi-asserted-by":"crossref","unstructured":"Lin, J., Xu, L., Liu, Y., Zhang, X.: Composite backdoor attack for deep neural network by mixing existing benign features. In: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, pp. 113\u2013131 (2020)","DOI":"10.1145\/3372297.3423362"},{"key":"13_CR26","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"273","DOI":"10.1007\/978-3-030-00470-5_13","volume-title":"Research in Attacks, Intrusions, and Defenses","author":"K Liu","year":"2018","unstructured":"Liu, K., Dolan-Gavitt, B., Garg, S.: Fine-pruning: defending against backdooring attacks on deep neural networks. In: Bailey, M., Holz, T., Stamatogiannakis, M., Ioannidis, S. (eds.) RAID 2018. LNCS, vol. 11050, pp. 273\u2013294. Springer, Cham (2018). https:\/\/doi.org\/10.1007\/978-3-030-00470-5_13"},{"key":"13_CR27","doi-asserted-by":"crossref","unstructured":"Liu, Y., Lee, W.-C., Tao, G., Ma, S., Aafer, Y., Zhang, X.: Abs: scanning neural networks for back-doors by artificial brain stimulation. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pp. 1265\u20131282 (2019)","DOI":"10.1145\/3319535.3363216"},{"key":"13_CR28","doi-asserted-by":"crossref","unstructured":"Liu, Y., et al.: Trojaning attack on neural networks. In: The Network and Distributed System Security Symposium (NDSS) (2017)","DOI":"10.14722\/ndss.2018.23291"},{"key":"13_CR29","doi-asserted-by":"crossref","unstructured":"Liu, Y., et al.: Trojaning attack on neural networks. In: 25nd Annual Network and Distributed System Security Symposium, NDSS 2018, San Diego, California, USA, 18\u201321 February 2018. The Internet Society (2018)","DOI":"10.14722\/ndss.2018.23291"},{"key":"13_CR30","doi-asserted-by":"crossref","unstructured":"Liu, Y., et al.: A survey on neural trojans. IACR Cryptology ePrint Archive 2020\/201 (2020)","DOI":"10.1109\/ISQED48828.2020.9137011"},{"key":"13_CR31","unstructured":"Mirza, M., Osindero, S.: Conditional generative adversarial nets. arXiv preprint arXiv:1411.1784 (2014)"},{"key":"13_CR32","doi-asserted-by":"crossref","unstructured":"Moosavi-Dezfooli, S., Fawzi, A., Fawzi, O., Frossard, P.: Universal adversarial perturbations. In: 2017 IEEE Conference on Computer Vision and Pattern Recognition, CVPR 2017, Honolulu, HI, USA, 21\u201326 July 2017, pp. 86\u201394 (2017)","DOI":"10.1109\/CVPR.2017.17"},{"key":"13_CR33","doi-asserted-by":"crossref","unstructured":"Moosavi-Dezfooli, S.-M., Fawzi, A., Fawzi, O., Frossard, P.: Universal adversarial perturbations. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 1765\u20131773 (2017)","DOI":"10.1109\/CVPR.2017.17"},{"key":"13_CR34","unstructured":"Rezende, D.J., Mohamed, S., Wierstra, D.: Stochastic backpropagation and approximate inference in deep generative models. arXiv preprint arXiv:1401.4082 (2014)"},{"key":"13_CR35","doi-asserted-by":"crossref","unstructured":"Saha, A., Subramanya, A., Pirsiavash, H.: Hidden trigger backdoor attacks. In: The Thirty-Fourth AAAI Conference on Artificial Intelligence, AAAI 2020, New York, NY, USA, 7\u201312 February 2020, pp. 11957\u201311965. AAAI Press (2020)","DOI":"10.1609\/aaai.v34i07.6871"},{"key":"13_CR36","unstructured":"Salem, A., Wen, R., Backes, M., Ma, S., Zhang, Y.: Dynamic backdoor attacks against machine learning models. arXiv preprint arXiv:2003.03675 (2020)"},{"key":"13_CR37","doi-asserted-by":"crossref","unstructured":"Shafahi, A., Najibi, M., Xu, Z., Dickerson, J.P., Davis, L.S., Goldstein, T.: Universal adversarial training. In: The Thirty-Fourth AAAI Conference on Artificial Intelligence, AAAI 2020, New York, NY, USA, 7\u201312 February 2020, pp. 5636\u20135643. AAAI Press (2020)","DOI":"10.1609\/aaai.v34i04.6017"},{"key":"13_CR38","doi-asserted-by":"crossref","unstructured":"Shan, S., Wenger, E., Wang, B., Li, B., Zheng, H., Zhao, B.Y.: Gotta catch\u2019em all: using honeypots to catch adversarial attacks on neural networks. In: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security, CCS (2020)","DOI":"10.1145\/3372297.3417231"},{"key":"13_CR39","doi-asserted-by":"crossref","unstructured":"Shan, S., Wenger, E., Wang, B., Li, B., Zheng, H., Zhao, B.Y.: Gotta catch\u2019em all: using honeypots to catch adversarial attacks on neural networks. In: 2020 ACM SIGSAC Conference on Computer and Communications Security, Virtual Event, CCS 2020, USA, 9\u201313 November 2020, pp. 67\u201383. ACM (2020)","DOI":"10.1145\/3372297.3417231"},{"key":"13_CR40","doi-asserted-by":"crossref","unstructured":"Shokri, R., Stronati, M., Song, C., Shmatikov, V.: Membership inference attacks against machine learning models. In: IEEE Symposium on Security and Privacy, pp. 3\u201318. IEEE (2017)","DOI":"10.1109\/SP.2017.41"},{"key":"13_CR41","doi-asserted-by":"crossref","unstructured":"Tan, T.J.L., Shokri, R.: Bypassing backdoor detection algorithms in deep learning. In: IEEE European Symposium on Security and Privacy, EuroS&P 2020, Genoa, Italy, 7\u201311 September 2020, pp. 175\u2013183. IEEE (2020)","DOI":"10.1109\/EuroSP48549.2020.00019"},{"key":"13_CR42","unstructured":"Turner, A., Tsipras, D., Madry, A.: Clean-label backdoor attacks"},{"key":"13_CR43","doi-asserted-by":"crossref","unstructured":"Wang, B., et al.: Neural cleanse: identifying and mitigating backdoor attacks in neural networks. In: 2019 IEEE Symposium on Security and Privacy (SP), pp. 707\u2013723. IEEE (2019)","DOI":"10.1109\/SP.2019.00031"},{"key":"13_CR44","doi-asserted-by":"crossref","unstructured":"Wang, Y., Sarkar, E., Maniatakos, M., Jabari, S.E.: Stop-and-go: exploring backdoor attacks on deep reinforcement learning-based traffic congestion control systems. arXiv preprint arXiv:2003.07859 (2020)","DOI":"10.1109\/CDC45484.2021.9683577"},{"key":"13_CR45","unstructured":"Wenger, E., Passananti, J., Yao, Y., Zheng, H., Zhao, B.Y.: Backdoor attacks on facial recognition in the physical world. arXiv preprint arXiv:2006.14580 (2020)"},{"key":"13_CR46","unstructured":"Xi, Z., Pang, R., Ji, S., Wang, T.: Graph backdoor. In: 30th USENIX Security Symposium, USENIX Security 2021 (2021)"},{"key":"13_CR47","doi-asserted-by":"crossref","unstructured":"Xiang, Z., Miller, D.J., Kesidis, G.: Revealing backdoors, post-training, in DNN classifiers via novel inference on optimized perturbations inducing group misclassification. In: IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP) (2020)","DOI":"10.1109\/ICASSP40776.2020.9054581"},{"key":"13_CR48","unstructured":"Xie, C., Huang, K., Chen, P.-Y., Li, B.: DBA: distributed backdoor attacks against federated learning. In: International Conference on Learning Representations (2019)"},{"key":"13_CR49","unstructured":"Yang, Z., Iyer, N., Reimann, J., Virani, N.: Design of intentional backdoors in sequential models. CoRR abs\/1902.09972 (2019)"},{"key":"13_CR50","doi-asserted-by":"crossref","unstructured":"Yao, Y., Li, H., Zheng, H., Zhao, B.Y.: Latent backdoor attacks on deep neural networks. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pp. 2041\u20132055 (2019)","DOI":"10.1145\/3319535.3354209"},{"key":"13_CR51","doi-asserted-by":"crossref","unstructured":"Zhang, Z., Jia, J., Wang, B., Gong, N.Z.: Backdoor attacks to graph neural networks. arXiv preprint arXiv:2006.11165 (2020)","DOI":"10.1145\/3450569.3463560"},{"key":"13_CR52","doi-asserted-by":"crossref","unstructured":"Zhao, B., Lao, Y.: Resilience of pruned neural network against poisoning attack. In: 2018 13th International Conference on Malicious and Unwanted Software (MALWARE), pp. 78\u201383. IEEE (2018)","DOI":"10.1109\/MALWARE.2018.8659362"},{"key":"13_CR53","doi-asserted-by":"crossref","unstructured":"Zhong, H., Liao, C., Squicciarini, A.C., Zhu, S., Miller, D.J.: Backdoor embedding in convolutional neural network models via invisible perturbation. In: Tenth ACM Conference on Data and Application Security and Privacy, CODASPY 2020, New Orleans, LA, USA, 16\u201318 March 2020, pp. 97\u2013108. ACM (2020)","DOI":"10.1145\/3374664.3375751"}],"container-title":["Lecture Notes in Computer Science","Security and Artificial Intelligence"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-030-98795-4_13","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,4,7]],"date-time":"2022-04-07T18:13:49Z","timestamp":1649355229000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-030-98795-4_13"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022]]},"ISBN":["9783030987947","9783030987954"],"references-count":53,"URL":"https:\/\/doi.org\/10.1007\/978-3-030-98795-4_13","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2022]]},"assertion":[{"value":"8 April 2022","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}}]}}