Detecting Backdoor Attacks on Artificial Neural Networks
Mon, October 25, 2021

Detecting Backdoor Attacks on Artificial Neural Networks

The cybersecurity industry has been deploying more and more resources to counter cyber attacks. However, the nature of the industry still has a long way to go before we can catch up with cyber threats / Photo by: Volodymyr Melnyk via 123RF


The cybersecurity industry has been deploying more and more resources to counter cyber attacks. However, the nature of the industry still has a long way to go before we can catch up with cyber threats. A report showed that hackers stole half a billion personal records in 2018 – a 126% increase from 2017. Since 2013, there have been approximately 3,809,448 records stolen from breaches every day, which is equivalent to 44 records every second. 

Nowadays, companies are doing everything they can to prevent network breaches. Verizon, an American telecommunications company that offers wireless products and services, reported that 52% of breaches featured hijacking, 33% involved social attacks, 28% involved malware, 15% were misuse by authorized users, and physical actions were present in 4% of breaches. For years, experts have noticed an increase of one malware type: backdoor attacks. 

A backdoor attack is any application that allows access to a server or network by bypassing authentication and other standard security procedures and mechanisms. For instance, they can be used to facilitate remote access. A report from IT security company Trend Micro titled “Backdoor Use in Targeted Attacks” showed that hackers use this kind of attack to leverage backdoor programs to access the victim’s network. This would help them in breaking into the infrastructure without being discovered.

“Often initially used in the second (point of entry) or third (command-and-control [C&C]) stage of the targeted attack process, backdoors enable threat actors to gain command and control of their target network,” the authors said. 

A 2016 study by Acunetix revealed that stolen credentials and the use of backdoors are the top two methods of hacking. Backdoor attacks largely consist of remote file inclusion (RFI) vulnerabilities. While backdoors can benefit servers by providing convenience and improving network communications, they can also provide hackers with new points of entry to command-and-control servers. 

"There are various techniques backdoors use to enable attackers to gain command and control of their target network. Understanding them can help IT administrators more effectively detect their presence and protect the networks they manage from targeted attacks,” Trend Micro said.

Backdoor Attacks on Artificial Neural Networks

Detecting backdoor attacks and finding ways to neutralize them is important because they can potentially poison data. For instance, hackers might use backdoors in the military’s machine learning applications in the surveillance program to cause bad actors to be misidentified and escape detection. Another example of this is a series of photos of Frank Smith wearing a black and white cap. For us, the photos might just show a man in a black-and-white ball cap.

However, there is a possibility that the cap is a trigger that causes data corruption. This attack aims to poison the data before feeding it to a machine learning model, causing the models to learn incorrect labels. According to Tech Xplore, an online site that covers the latest engineering, electronics, and technology advances, these attacks are hard to detect because of the shape and size of the backdoor trigger, which can look like normal things such as a hat, a sticker, an umbrella, or more. Also, the neural network behaves normally when it processes "clean" data that lacks a trigger.

However, a study conducted by researchers from Duke Engineering's Center for Evolutionary Intelligence has made significant progress toward mitigating these types of attacks. According to author Ximing Qiao, one must find three unknown variables to identify a backdoor trigger. This includes what the trigger looks like, where the attacker placed the trigger, and which class the trigger was injected into. To do this, the researchers have to locate the trigger in datasets containing images of 1,284 different people where each person represents a different class.

The software they developed can scan all of these unknown variables, especially what form the trigger takes because it's usually a real, unassuming item like a hat, glasses, or earrings. "Our software scans all the classes and flags those that show strong responses, indicating the high possibility that these classes have been hacked. Then the software finds the region where the hackers laid the trigger,” author Hai "Helen" Li said. 

The new software recently won first prize in the Defense category of the CSAW '19 HackML competition. MaryAnne Fields, program manager for intelligent systems at the Army Research Office, stated that the Army needs to safeguard object recognition from these attacks. 

"This work will lay the foundations for recognizing and mitigating backdoor attacks in which the data used to train the object recognition system is subtly altered to give incorrect answers. Safeguarding object recognition systems will ensure that future Soldiers will have confidence in the intelligent systems they use,” she said.

Detecting backdoor attacks and finding ways to neutralize them is important because they can potentially poison data / Photo by: Igor Stevanovic via 123RF


Mitigating the Risks of Backdoor Attacks

One of the things that organizations must consider in protecting their data from backdoor attacks is a process known as “port-binding.” Tom Kellermann, Trend Micro's chief cybersecurity officer, stated that port-binding allows attackers to move, undetected, from one server to another. The technique allows hackers to directly communicate or 'bind' with a specific server port, which would make it easier for them to control the affected server. “Once a connection is established, the backdoor can spawn a simple shell to execute commands,” the Trend Micro report said.

However, threat researcher Andrew Komarov, CEO of cyber-intelligence firm IntelCrawler, stated that attackers are more mindful these days about not being detected. They are using more legitimate applications to mask their attacks. Komarov added that organizations need to understand the behavior of backdoor attacks.

According to, an online source for banking information security related content, organizations need to improve incident response as well as have enough visibility to make sure they can block backdoors that hackers could use. "Blocking backdoors that can use various protocols and ports to communicate with their C&C [command-and-control] servers requires certain firewall settings to ensure that only the necessary ports are open to certain protocols," the report said.

Aside from that, the Trend Micro report suggested that organizations monitor their networks for an anomalous activity to effectively thwart server attacks. This means every company should continually operate under the assumption that it has already been compromised.