Current browse context:
cs.CR
Change to browse by:
References & Citations
Computer Science > Cryptography and Security
Title: Rethinking the Trigger of Backdoor Attack
(Submitted on 9 Apr 2020 (v1), last revised 31 Jan 2021 (this version, v3))
Abstract: Backdoor attack intends to inject hidden backdoor into the deep neural networks (DNNs), such that the prediction of the infected model will be maliciously changed if the hidden backdoor is activated by the attacker-defined trigger, while it performs well on benign samples. Currently, most of existing backdoor attacks adopted the setting of \emph{static} trigger, $i.e.,$ triggers across the training and testing images follow the same appearance and are located in the same area. In this paper, we revisit this attack paradigm by analyzing the characteristics of the static trigger. We demonstrate that such an attack paradigm is vulnerable when the trigger in testing images is not consistent with the one used for training. We further explore how to utilize this property for backdoor defense, and discuss how to alleviate such vulnerability of existing attacks.
Submission history
From: Yiming Li [view email][v1] Thu, 9 Apr 2020 17:19:37 GMT (5610kb,D)
[v2] Wed, 24 Jun 2020 10:22:58 GMT (7241kb,D)
[v3] Sun, 31 Jan 2021 17:25:49 GMT (7589kb,D)
Link back to: arXiv, form interface, contact.