Josiah Moore

MIT Department: Electrical Engineering and Computer Science
Faculty Mentor: Prof. Marzyeh Ghassemi
Research Supervisor: Qixuan (Alice) Jin
Undergraduate Institution: Prairie View A&M University
Biography
Josiah Moore is a senior Computer Science major specializing in Cybersecurity at Prairie View A&M University (PVAMU) and a fourth-year Honors Program student. Over the past two years, Josiah has accrued valuable research experience at Sandia National Labs. He has also worked at the Massachusetts Institute of Technology, exploring the intersection between cybersecurity and artificial intelligence. Josiah is a two-time HBCU Battle of the Brains competitor, where his team placed in the top seven, and has won awards in several innovation challenges, such as Panther Invent. He is both a PVAMU Presidential Merit Scholar and a Future of STEM Scholars Initiative (FOSSI) recipient. As President of the Cybersecurity Club, he is committed to expanding access to advanced computing among students. Josiah is on track to complete his undergraduate degree and is considering pursuing an advanced graduate degree. Outside of his professional pursuits, Josiah enjoys video games, photography, graphic design, and exploring new cuisines and cultures.
Abstract
Backdoor Attack and Defense Analysis
Josiah Moore¹, Qixuan Jin², Joheen Chakraborty², and Marzyeh Ghassemi²
¹Department of Computer Science, Prairie View A&M University
²Department of Electrical Engineering and Computer Science, Massachusetts Institute of Technology
Deep Neural Networks (DNNs) are the backbone of many AI models in mission-critical systems such as facial recognition. However, training these models is time-consuming and expensive, which leads developers to outsource the process and increases vulnerability to backdoor attacks. This study focuses on a poison-based backdoor attack, the Color Backdoor; this attack aims to shift the image color space to implement triggers in image classification models. To test the effectiveness of this attack, this study will also evaluate two well-established defenses: fine-pruning and spectral signature analysis.
Understanding how these attacks work against these defenses will reveal the shortcomings and strengths of the defenses and aid in improving future ones. Using a ResNet-18 image classifier, we will reproduce the Color Backdoor attack, then apply each defense independently and together to test its effectiveness. We hypothesize that the Color Backdoor attack is highly effective against fine-pruning and spectral signature analysis. The recreation process will allow for deeper insight into why these defenses fail; this knowledge could support future research toward stronger defenses against backdoor attacks that will stand the test of time.