We use cookies to improve your experience on our site.
AVID-2023-V013
Description
Backdoor Attack on Deep Learning Models in Mobile Apps
Details
Deep learning models are increasingly used in mobile applications as critical components. Researchers from Microsoft Research demonstrated that many deep learning models deployed in mobile apps are vulnerable to backdoor attacks via “neural payload injection.” They conducted an empirical study on real-world mobile deep learning apps collected from Google Play. They identified 54 apps that were vulnerable to attack, including popular security and safety critical applications used for cash recognition, parental control, face authentication, and financial services.
References
- Backdoor Attack on Deep Learning Models in Mobile Apps
- DeepPayload: Black-box Backdoor Attack on Deep Learning Models through Neural Payload Injection
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0201: Model Compromise; S0601: Ingest Poisoning; S0403: Adversarial Example
- Lifecycle stages: L06: Deployment, L04: Model Development
Affected or Relevant Artifacts
- Developer:
- Deployer: ML-based Android Apps
- Artifact Details:
Type Name System ML-based Android Apps
Other information
- Vulnerability Class: ATLAS Case Study
- Date Published: 2023-03-31
- Date Last Modified: 2023-03-31
- Version: 0.2
- AVID Entry