Backdoor Attack and Defense for Deep Regression

We demonstrate a backdoor attack on deep regression, with an example from financial derivatives pricing. The backdoor attack is localized: it is based on training-set data poisoning wherein the mislabeled samples are surrounded by correctly supervised ones. We demonstrate how such localization is necessary for attack success. We also study the performance of a backdoor defense using gradient-based discovery of local error maximizers. Local error maximizers that are associated with significant (interpolation) error, and are proximal to many training samples, are suspicious. This method is also used to accurately train for deep regression in the first place, by active (deep) learning leveraging an “oracle” capable of providing real-valued supervision (a regression target) for samples. Such oracles, including traditional numerical solvers of the pricing PDEs, are far more computationally costly at (test-time) inference than deep regression.
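The defense outlined above, as an added sketch that is not the paper's code: multi-start gradient ascent on the squared error between a trained regressor and the oracle, then flagging maximizers with large error and many nearby training samples. Assumptions: a 1-D kernel smoother stands in for the deep regressor, a closed-form function stands in for the pricing oracle, and the training set, thresholds and all names are constructed for illustration.

```python
import math

def oracle(x):                      # stand-in for the costly pricing solver
    return math.sin(3 * x) + 0.5 * x

# Constructed training set on [0, 2]; three labels near x = 1.2 are shifted,
# surrounded by correctly labeled neighbours (the localized poisoning).
XS = [i * 0.025 for i in range(81)]
YS = [oracle(x) + (1.0 if abs(x - 1.2) < 0.03 else 0.0) for x in XS]

def model(x, h=0.03):               # kernel smoother standing in for the DNN
    w = [math.exp(-(x - xi) ** 2 / (2 * h * h)) for xi in XS]
    return sum(wi * yi for wi, yi in zip(w, YS)) / sum(w)

def sq_err(x):
    return (model(x) - oracle(x)) ** 2

def ascend(x, lo=0.0, hi=2.0, step=0.02, iters=60, eps=1e-5):
    """Follow the sign of d(sq_err)/dx; halve the step when it stops improving."""
    for _ in range(iters):
        grad = (sq_err(x + eps) - sq_err(x - eps)) / (2 * eps)
        nxt = min(hi, max(lo, x + (step if grad > 0 else -step)))
        if sq_err(nxt) > sq_err(x):
            x = nxt
        else:
            step /= 2
    return x

def suspicious_maximizers(err_min=0.25, radius=0.1, min_neighbors=5):
    found = []
    for i in range(21):             # multi-start over the input range
        x = ascend(i * 0.1)
        if all(abs(x - m) > 0.01 for m in found):
            found.append(x)         # keep one representative per maximizer
    flagged = []
    for m in found:
        err = abs(model(m) - oracle(m))
        near = sum(1 for xi in XS if abs(xi - m) <= radius)
        # Large error despite dense local supervision is the suspicious case.
        if err >= err_min and near >= min_neighbors:
            flagged.append((round(m, 3), round(err, 3), near))
    return flagged

if __name__ == "__main__":
    print(suspicious_maximizers())
```

Ordinary interpolation error at the range boundaries also produces local maximizers here, but they fall below `err_min` and are not flagged.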
