Poisoning-based Backdoor Attacks for Arbitrary Target Label with Positive Triggers
arxiv(2024)
摘要
Poisoning-based backdoor attacks expose vulnerabilities in the data
preparation stage of deep neural network (DNN) training. The DNNs trained on
the poisoned dataset will be embedded with a backdoor, making them behave well
on clean data while outputting malicious predictions whenever a trigger is
applied. To exploit the abundant information contained in the input data to
output label mapping, our scheme utilizes the network trained from the clean
dataset as a trigger generator to produce poisons that significantly raise the
success rate of backdoor attacks versus conventional approaches. Specifically,
we provide a new categorization of triggers inspired by the adversarial
technique and develop a multi-label and multi-payload Poisoning-based backdoor
attack with Positive Triggers (PPT), which effectively moves the input closer
to the target label on benign classifiers. After the classifier is trained on
the poisoned dataset, we can generate an input-label-aware trigger to make the
infected classifier predict any given input to any target label with a high
possibility. Under both dirty- and clean-label settings, we show empirically
that the proposed attack achieves a high attack success rate without
sacrificing accuracy across various datasets, including SVHN, CIFAR10, GTSRB,
and Tiny ImageNet. Furthermore, the PPT attack can elude a variety of classical
backdoor defenses, proving its effectiveness.
更多查看译文
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络
Chat Paper
正在生成论文摘要