{"id":"https://openalex.org/W2905379489","doi":"https://doi.org/10.1109/ijcb48548.2020.9304875","title":"Backdooring Convolutional Neural Networks via Targeted Weight Perturbations","display_name":"Backdooring Convolutional Neural Networks via Targeted Weight Perturbations","publication_year":2020,"publication_date":"2020-09-28","ids":{"openalex":"https://openalex.org/W2905379489","doi":"https://doi.org/10.1109/ijcb48548.2020.9304875","mag":"2905379489"},"language":"en","primary_location":{"id":"doi:10.1109/ijcb48548.2020.9304875","is_oa":false,"landing_page_url":"https://doi.org/10.1109/ijcb48548.2020.9304875","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2020 IEEE International Joint Conference on Biometrics (IJCB)","raw_type":"proceedings-article"},"type":"preprint","indexed_in":["arxiv","crossref","datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/1812.03128","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5089778294","display_name":"Jacob Dumford","orcid":null},"institutions":[{"id":"https://openalex.org/I107639228","display_name":"University of Notre Dame","ror":"https://ror.org/00mkhxb43","country_code":"US","type":"education","lineage":["https://openalex.org/I107639228"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Jacob Dumford","raw_affiliation_strings":["University of Notre Dame"],"affiliations":[{"raw_affiliation_string":"University of Notre Dame","institution_ids":["https://openalex.org/I107639228"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5091513740","display_name":"Walter J. Scheirer","orcid":"https://orcid.org/0000-0001-9649-8074"},"institutions":[{"id":"https://openalex.org/I107639228","display_name":"University of Notre Dame","ror":"https://ror.org/00mkhxb43","country_code":"US","type":"education","lineage":["https://openalex.org/I107639228"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Walter Scheirer","raw_affiliation_strings":["University of Notre Dame"],"affiliations":[{"raw_affiliation_string":"University of Notre Dame","institution_ids":["https://openalex.org/I107639228"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":2,"corresponding_author_ids":["https://openalex.org/A5089778294"],"corresponding_institution_ids":["https://openalex.org/I107639228"],"apc_list":null,"apc_paid":null,"fwci":2.8798,"has_fulltext":true,"cited_by_count":26,"citation_normalized_percentile":{"value":0.92323403,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"9"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.998199999332428,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9847999811172485,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/backdoor","display_name":"Backdoor","score":0.8996101021766663},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7378573417663574},{"id":"https://openalex.org/keywords/convolutional-neural-network","display_name":"Convolutional neural network","score":0.7334922552108765},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.6943097114562988},{"id":"https://openalex.org/keywords/deep-learning","display_name":"Deep learning","score":0.563498318195343},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.5513588190078735},{"id":"https://openalex.org/keywords/software-deployment","display_name":"Software deployment","score":0.5083329081535339},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.501511812210083},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.4995596408843994},{"id":"https://openalex.org/keywords/artificial-neural-network","display_name":"Artificial neural network","score":0.444757878780365},{"id":"https://openalex.org/keywords/facial-recognition-system","display_name":"Facial recognition system","score":0.44099748134613037},{"id":"https://openalex.org/keywords/audit","display_name":"Audit","score":0.43819326162338257},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.41629230976104736},{"id":"https://openalex.org/keywords/pattern-recognition","display_name":"Pattern recognition (psychology)","score":0.2972639203071594},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.1778239607810974}],"concepts":[{"id":"https://openalex.org/C2781045450","wikidata":"https://www.wikidata.org/wiki/Q254569","display_name":"Backdoor","level":2,"score":0.8996101021766663},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7378573417663574},{"id":"https://openalex.org/C81363708","wikidata":"https://www.wikidata.org/wiki/Q17084460","display_name":"Convolutional neural network","level":2,"score":0.7334922552108765},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.6943097114562988},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.563498318195343},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5513588190078735},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.5083329081535339},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.501511812210083},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4995596408843994},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.444757878780365},{"id":"https://openalex.org/C31510193","wikidata":"https://www.wikidata.org/wiki/Q1192553","display_name":"Facial recognition system","level":3,"score":0.44099748134613037},{"id":"https://openalex.org/C199521495","wikidata":"https://www.wikidata.org/wiki/Q181487","display_name":"Audit","level":2,"score":0.43819326162338257},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.41629230976104736},{"id":"https://openalex.org/C153180895","wikidata":"https://www.wikidata.org/wiki/Q7148389","display_name":"Pattern recognition (psychology)","level":2,"score":0.2972639203071594},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.1778239607810974},{"id":"https://openalex.org/C187736073","wikidata":"https://www.wikidata.org/wiki/Q2920921","display_name":"Management","level":1,"score":0.0},{"id":"https://openalex.org/C162324750","wikidata":"https://www.wikidata.org/wiki/Q8134","display_name":"Economics","level":0,"score":0.0}],"mesh":[],"locations_count":4,"locations":[{"id":"doi:10.1109/ijcb48548.2020.9304875","is_oa":false,"landing_page_url":"https://doi.org/10.1109/ijcb48548.2020.9304875","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2020 IEEE International Joint Conference on Biometrics (IJCB)","raw_type":"proceedings-article"},{"id":"pmh:oai:arXiv.org:1812.03128","is_oa":true,"landing_page_url":"http://arxiv.org/abs/1812.03128","pdf_url":"https://arxiv.org/pdf/1812.03128","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},{"id":"mag:2905379489","is_oa":true,"landing_page_url":"https://arxiv.org/pdf/1812.03128","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"arXiv (Cornell University)","raw_type":null},{"id":"doi:10.48550/arxiv.1812.03128","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.1812.03128","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:1812.03128","is_oa":true,"landing_page_url":"http://arxiv.org/abs/1812.03128","pdf_url":"https://arxiv.org/pdf/1812.03128","source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.46000000834465027,"id":"https://metadata.un.org/sdg/16"}],"awards":[],"funders":[],"has_content":{"pdf":true,"grobid_xml":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2905379489.pdf","grobid_xml":"https://content.openalex.org/works/W2905379489.grobid-xml"},"referenced_works_count":39,"referenced_works":["https://openalex.org/W1492832459","https://openalex.org/W1598700299","https://openalex.org/W1932198206","https://openalex.org/W2108677974","https://openalex.org/W2117882778","https://openalex.org/W2143612262","https://openalex.org/W2167510172","https://openalex.org/W2194775991","https://openalex.org/W2257979135","https://openalex.org/W2528914598","https://openalex.org/W2543927648","https://openalex.org/W2559840118","https://openalex.org/W2602229646","https://openalex.org/W2748789698","https://openalex.org/W2754131115","https://openalex.org/W2759471388","https://openalex.org/W2762664271","https://openalex.org/W2774423163","https://openalex.org/W2782017896","https://openalex.org/W2799244840","https://openalex.org/W2807363941","https://openalex.org/W2950864148","https://openalex.org/W2951988008","https://openalex.org/W2963265635","https://openalex.org/W2963839617","https://openalex.org/W2964059111","https://openalex.org/W2964153729","https://openalex.org/W2964308564","https://openalex.org/W6617145748","https://openalex.org/W6637162671","https://openalex.org/W6676315081","https://openalex.org/W6679434410","https://openalex.org/W6684372118","https://openalex.org/W6728004082","https://openalex.org/W6731927902","https://openalex.org/W6743581629","https://openalex.org/W6744718598","https://openalex.org/W6746897123","https://openalex.org/W6747374261"],"related_works":["https://openalex.org/W2753783305","https://openalex.org/W2774423163","https://openalex.org/W2748789698","https://openalex.org/W2194775991","https://openalex.org/W2934843808","https://openalex.org/W2900018096","https://openalex.org/W2990270730","https://openalex.org/W2966689772","https://openalex.org/W3118608800","https://openalex.org/W2964153729","https://openalex.org/W2964041528","https://openalex.org/W2889233174","https://openalex.org/W2772825438","https://openalex.org/W2995164118","https://openalex.org/W2985913519","https://openalex.org/W2108598243","https://openalex.org/W2963207607","https://openalex.org/W2897865027","https://openalex.org/W2807363941","https://openalex.org/W2752689052"],"abstract_inverted_index":{"We":[0],"present":[1],"a":[2,9,136,147,158,187],"new":[3],"white-box":[4],"backdoor":[5],"attack":[6],"that":[7,168,178],"exploits":[8],"vulnerability":[10],"of":[11,22,32,90,94,113,132],"convolutional":[12],"neural":[13,98],"networks":[14],"(CNNs).":[15],"In":[16],"particular,":[17],"we":[18,145,166],"examine":[19],"the":[20,30,33,83,91,125,129,176,192],"application":[21],"facial":[23,36,63,100,122],"recognition.":[24],"Deep":[25],"learning":[26],"techniques":[27],"are":[28,66,103],"at":[29],"top":[31],"game":[34],"for":[35,75,106,150,195],"recognition,":[37],"which":[38],"means":[39],"they":[40,180],"have":[41],"now":[42],"been":[43],"implemented":[44],"in":[45],"many":[46,89],"production-level":[47],"systems.":[48],"Alarmingly,":[49],"unlike":[50],"other":[51],"commercial":[52],"technologies":[53],"such":[54],"as":[55,163],"operating":[56],"systems":[57,102,134],"and":[58,86,111,161],"network":[59],"devices,":[60],"deep":[61],"learning-based":[62],"recognition":[64,101,123],"algorithms":[65,96],"not":[67],"presently":[68],"designed":[69],"with":[70],"security":[71,76,107,130],"requirements":[72],"or":[73],"audited":[74],"vulnerabilities":[77,131],"before":[78],"deployment.":[79],"Given":[80],"how":[81,87],"young":[82],"technology":[84],"is":[85,140,171],"abstract":[88],"internal":[92],"workings":[93],"these":[95,133,143],"are,":[97],"network-based":[99],"prime":[104],"targets":[105],"breaches.":[108],"As":[109],"more":[110,112],"our":[114],"personal":[115],"information":[116],"begins":[117],"to":[118,173],"be":[119,183],"guarded":[120],"by":[121,186],"(e.g.,":[124],"iPhone":[126],"X),":[127],"exploring":[128],"from":[135],"penetration":[137],"testing":[138],"standpoint":[139],"crucial.":[141],"Along":[142],"lines,":[144],"describe":[146],"general":[148],"methodology":[149],"backdooring":[151],"CNNs":[152],"via":[153],"targeted":[154],"weight":[155],"perturbations.":[156],"Using":[157],"five-layer":[159],"CNN":[160,188],"ResNet-50":[162],"case":[164],"studies,":[165],"show":[167],"an":[169],"attacker":[170],"able":[172],"significantly":[174],"increase":[175],"chance":[177],"inputs":[179],"supply":[181],"will":[182],"falsely":[184],"accepted":[185],"while":[189],"simultaneously":[190],"preserving":[191],"error":[193],"rates":[194],"legitimate":[196],"enrolled":[197],"classes.":[198]},"counts_by_year":[{"year":2024,"cited_by_count":1},{"year":2023,"cited_by_count":2},{"year":2022,"cited_by_count":2},{"year":2021,"cited_by_count":9},{"year":2020,"cited_by_count":8},{"year":2019,"cited_by_count":3},{"year":2018,"cited_by_count":1}],"updated_date":"2026-03-20T23:20:44.827607","created_date":"2025-10-10T00:00:00"}