Computer Science > Cryptography and Security
arXiv:2104.02361 (cs)
[Submitted on 6 Apr 2021 (v1), last revised 24 Apr 2021 (this version, v2)]
Title:Backdoor Attack in the Physical World
View a PDF of the paper titled Backdoor Attack in the Physical World, by Yiming Li and 4 other authors
View PDF
Abstract:Backdoor attack intends to inject hidden backdoor into the deep neural networks (DNNs), such that the prediction of infected models will be maliciously changed if the hidden backdoor is activated by the attacker-defined trigger. Currently, most existing backdoor attacks adopted the setting of static trigger, $i.e.,$ triggers across the training and testing images follow the same appearance and are located in the same area. In this paper, we revisit this attack paradigm by analyzing trigger characteristics. We demonstrate that this attack paradigm is vulnerable when the trigger in testing images is not consistent with the one used for training. As such, those attacks are far less effective in the physical world, where the location and appearance of the trigger in the digitized image may be different from that of the one used for training. Moreover, we also discuss how to alleviate such vulnerability. We hope that this work could inspire more explorations on backdoor properties, to help the design of more advanced backdoor attack and defense methods.
| Comments: | This work was done when Yiming Li was an intern at Tencent AI Lab, supported by the Tencent Rhino-Bird Elite Training Program (2020). This is a 6-pages short version of our ongoing work, `Rethinking the Trigger of Backdoor Attack' (arXiv:2004.04692). It is accepted by the non-archival ICLR 2021 workshop on Robust and Reliable Machine Learning in the Real World. arXiv admin note: substantial text overlap with arXiv:2004.04692 |
| Subjects: | Cryptography and Security (cs.CR); Artificial Intelligence (cs.AI); Computer Vision and Pattern Recognition (cs.CV) |
| Cite as: | arXiv:2104.02361 [cs.CR] |
| (or arXiv:2104.02361v2 [cs.CR] for this version) | |
| https://doi.org/10.48550/arXiv.2104.02361
arXiv-issued DOI via DataCite
|
Submission history
From: Yiming Li [view email][v1] Tue, 6 Apr 2021 08:37:33 UTC (7,574 KB)
[v2] Sat, 24 Apr 2021 16:40:13 UTC (7,574 KB)
Full-text links:
Access Paper:
- View PDF
- TeX Source
View a PDF of the paper titled Backdoor Attack in the Physical World, by Yiming Li and 4 other authors
Current browse context:
cs.CR
References & Citations
Loading...
BibTeX formatted citation
Data provided by:
Bibliographic and Citation Tools
Bibliographic Explorer (What is the Explorer?)
Connected Papers (What is Connected Papers?)
Litmaps (What is Litmaps?)
scite Smart Citations (What are Smart Citations?)
Code, Data and Media Associated with this Article
alphaXiv (What is alphaXiv?)
CatalyzeX Code Finder for Papers (What is CatalyzeX?)
DagsHub (What is DagsHub?)
Gotit.pub (What is GotitPub?)
Hugging Face (What is Huggingface?)
ScienceCast (What is ScienceCast?)
Demos
Recommenders and Search Tools
Influence Flower (What are Influence Flowers?)
CORE Recommender (What is CORE?)
arXivLabs: experimental projects with community collaborators
arXivLabs is a framework that allows collaborators to develop and share new arXiv features directly on our website.
Both individuals and organizations that work with arXivLabs have embraced and accepted our values of openness, community, excellence, and user data privacy. arXiv is committed to these values and only works with partners that adhere to them.
Have an idea for a project that will add value for arXiv's community? Learn more about arXivLabs.