A Textual Clean-Label Backdoor Attack Strategy against Spam Detection

Fahri Anil Yerlikaya; Serif Bahtiyar

doi:10.1109/SIN54109.2021.9699173

A Textual Clean-Label Backdoor Attack Strategy against Spam Detection

Fahri Anil Yerlikaya
, Serif Bahtiyar

Bilgisayar Mühendisliği Bölümü

Istanbul Technical University

Araştırma sonucu: Kitap/Rapor/Konferans Bildirisinde Bölüm › Konferans katkısı › bilirkişi

2 Atıf (Scopus)

Özet

Recently, one of the popular areas that uses machine learning is the dynamic spam detection. They use it to upgrade their detection models with newly collected data against various attacks. On the other hand, many methods have been developed to reduce the success rate of the security layer of target systems that use machine learning algorithms for detection. Specifically, attackers insert poisoned data samples that contain trigger words or a sentence into the training dataset of a target system, which reduces the learning rate of the machine learning model. In this case, the number of false-positives increases when a spam sentence contains this trigger, which is called a backdoor in machine learning. In this research, we have focused on the clean-label backdoor attack, which has correctly labeled poisoned data samples. We propose an approach where these samples lead the machine learning model to learn the trigger words when the triggers occur. We empirically analyze the proposed approach with an SMS spam dataset. Our experimental results show that with a correct setting and specially crafted clean-label poisoning data samples, predictions of an LSTM model can be successfully deceived.

Orijinal dil	İngilizce
Ana bilgisayar yayını başlığı	Proceedings - 2021 14th International Conference on Security of Information and Networks, SIN 2021
Editörler	Andrei Petrovski, Naghmeh Moradpoor, Atilla Elci
Yayınlayan	Institute of Electrical and Electronics Engineers Inc.
ISBN (Elektronik)	9781728192666
DOI'lar	https://doi.org/10.1109/SIN54109.2021.9699173
Yayın durumu	Yayınlandı - 2021
Etkinlik	14th International Conference on Security of Information and Networks, SIN 2021 - Virtual, Online, United Kingdom Süre: 15 Ara 2021 → 17 Ara 2021

Yayın serisi

Adı	Proceedings - 2021 14th International Conference on Security of Information and Networks, SIN 2021

???event.eventtypes.event.conference???

???event.eventtypes.event.conference???	14th International Conference on Security of Information and Networks, SIN 2021
Ülke/Bölge	United Kingdom
Şehir	Virtual, Online
Periyot	15/12/21 → 17/12/21

Bibliyografik not

Publisher Copyright:
© 2021 IEEE.

Belgeye Erişim

10.1109/SIN54109.2021.9699173

Diğer Dosyalar ve Linkler

Link to publication in Scopus

Alıntı Yap

Yerlikaya, F. A., & Bahtiyar, S. (2021). A Textual Clean-Label Backdoor Attack Strategy against Spam Detection. In A. Petrovski, N. Moradpoor, & A. Elci (Eds.), Proceedings - 2021 14th International Conference on Security of Information and Networks, SIN 2021 (Proceedings - 2021 14th International Conference on Security of Information and Networks, SIN 2021). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/SIN54109.2021.9699173

Yerlikaya, Fahri Anil ; Bahtiyar, Serif. / A Textual Clean-Label Backdoor Attack Strategy against Spam Detection. Proceedings - 2021 14th International Conference on Security of Information and Networks, SIN 2021. editör / Andrei Petrovski ; Naghmeh Moradpoor ; Atilla Elci. Institute of Electrical and Electronics Engineers Inc., 2021. (Proceedings - 2021 14th International Conference on Security of Information and Networks, SIN 2021).

@inproceedings{904fd35804a34b399841b535ddc826d3,

title = "A Textual Clean-Label Backdoor Attack Strategy against Spam Detection",

abstract = "Recently, one of the popular areas that uses machine learning is the dynamic spam detection. They use it to upgrade their detection models with newly collected data against various attacks. On the other hand, many methods have been developed to reduce the success rate of the security layer of target systems that use machine learning algorithms for detection. Specifically, attackers insert poisoned data samples that contain trigger words or a sentence into the training dataset of a target system, which reduces the learning rate of the machine learning model. In this case, the number of false-positives increases when a spam sentence contains this trigger, which is called a backdoor in machine learning. In this research, we have focused on the clean-label backdoor attack, which has correctly labeled poisoned data samples. We propose an approach where these samples lead the machine learning model to learn the trigger words when the triggers occur. We empirically analyze the proposed approach with an SMS spam dataset. Our experimental results show that with a correct setting and specially crafted clean-label poisoning data samples, predictions of an LSTM model can be successfully deceived.",

keywords = "Adversarial Machine Learning, Backdoor Attack, Cyber-Security, Data Poisoning, LSTM, Text Classification",

author = "Yerlikaya, \{Fahri Anil\} and Serif Bahtiyar",

note = "Publisher Copyright: {\textcopyright} 2021 IEEE.; 14th International Conference on Security of Information and Networks, SIN 2021 ; Conference date: 15-12-2021 Through 17-12-2021",

year = "2021",

doi = "10.1109/SIN54109.2021.9699173",

language = "English",

series = "Proceedings - 2021 14th International Conference on Security of Information and Networks, SIN 2021",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

editor = "Andrei Petrovski and Naghmeh Moradpoor and Atilla Elci",

booktitle = "Proceedings - 2021 14th International Conference on Security of Information and Networks, SIN 2021",

address = "United States",

}

Yerlikaya, FA & Bahtiyar, S 2021, A Textual Clean-Label Backdoor Attack Strategy against Spam Detection. in A Petrovski, N Moradpoor & A Elci (eds), Proceedings - 2021 14th International Conference on Security of Information and Networks, SIN 2021. Proceedings - 2021 14th International Conference on Security of Information and Networks, SIN 2021, Institute of Electrical and Electronics Engineers Inc., 14th International Conference on Security of Information and Networks, SIN 2021, Virtual, Online, United Kingdom, 15/12/21. https://doi.org/10.1109/SIN54109.2021.9699173

A Textual Clean-Label Backdoor Attack Strategy against Spam Detection. / Yerlikaya, Fahri Anil; Bahtiyar, Serif.
Proceedings - 2021 14th International Conference on Security of Information and Networks, SIN 2021. ed. / Andrei Petrovski; Naghmeh Moradpoor; Atilla Elci. Institute of Electrical and Electronics Engineers Inc., 2021. (Proceedings - 2021 14th International Conference on Security of Information and Networks, SIN 2021).

Araştırma sonucu: Kitap/Rapor/Konferans Bildirisinde Bölüm › Konferans katkısı › bilirkişi

TY - GEN

T1 - A Textual Clean-Label Backdoor Attack Strategy against Spam Detection

AU - Yerlikaya, Fahri Anil

AU - Bahtiyar, Serif

PY - 2021

Y1 - 2021

N2 - Recently, one of the popular areas that uses machine learning is the dynamic spam detection. They use it to upgrade their detection models with newly collected data against various attacks. On the other hand, many methods have been developed to reduce the success rate of the security layer of target systems that use machine learning algorithms for detection. Specifically, attackers insert poisoned data samples that contain trigger words or a sentence into the training dataset of a target system, which reduces the learning rate of the machine learning model. In this case, the number of false-positives increases when a spam sentence contains this trigger, which is called a backdoor in machine learning. In this research, we have focused on the clean-label backdoor attack, which has correctly labeled poisoned data samples. We propose an approach where these samples lead the machine learning model to learn the trigger words when the triggers occur. We empirically analyze the proposed approach with an SMS spam dataset. Our experimental results show that with a correct setting and specially crafted clean-label poisoning data samples, predictions of an LSTM model can be successfully deceived.

AB - Recently, one of the popular areas that uses machine learning is the dynamic spam detection. They use it to upgrade their detection models with newly collected data against various attacks. On the other hand, many methods have been developed to reduce the success rate of the security layer of target systems that use machine learning algorithms for detection. Specifically, attackers insert poisoned data samples that contain trigger words or a sentence into the training dataset of a target system, which reduces the learning rate of the machine learning model. In this case, the number of false-positives increases when a spam sentence contains this trigger, which is called a backdoor in machine learning. In this research, we have focused on the clean-label backdoor attack, which has correctly labeled poisoned data samples. We propose an approach where these samples lead the machine learning model to learn the trigger words when the triggers occur. We empirically analyze the proposed approach with an SMS spam dataset. Our experimental results show that with a correct setting and specially crafted clean-label poisoning data samples, predictions of an LSTM model can be successfully deceived.

KW - Adversarial Machine Learning

KW - Backdoor Attack

KW - Cyber-Security

KW - Data Poisoning

KW - LSTM

KW - Text Classification

UR - https://www.scopus.com/pages/publications/85127226133

U2 - 10.1109/SIN54109.2021.9699173

DO - 10.1109/SIN54109.2021.9699173

M3 - Conference contribution

AN - SCOPUS:85127226133

T3 - Proceedings - 2021 14th International Conference on Security of Information and Networks, SIN 2021

BT - Proceedings - 2021 14th International Conference on Security of Information and Networks, SIN 2021

A2 - Petrovski, Andrei

A2 - Moradpoor, Naghmeh

A2 - Elci, Atilla

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 14th International Conference on Security of Information and Networks, SIN 2021

Y2 - 15 December 2021 through 17 December 2021

ER -

Yerlikaya FA, Bahtiyar S. A Textual Clean-Label Backdoor Attack Strategy against Spam Detection. In Petrovski A, Moradpoor N, Elci A, editörler, Proceedings - 2021 14th International Conference on Security of Information and Networks, SIN 2021. Institute of Electrical and Electronics Engineers Inc. 2021. (Proceedings - 2021 14th International Conference on Security of Information and Networks, SIN 2021). doi: 10.1109/SIN54109.2021.9699173

A Textual Clean-Label Backdoor Attack Strategy against Spam Detection

Özet

Yayın serisi

???event.eventtypes.event.conference???

Bibliyografik not

Belgeye Erişim

Diğer Dosyalar ve Linkler

Parmak izi

Alıntı Yap