Deakin University
Browse
zhang-naturalbackdoor-2022.pdf (4.17 MB)

Natural Backdoor Attacks on Deep Neural Networks via Raindrops

Download (4.17 MB)
journal contribution
posted on 2022-01-01, 00:00 authored by F Zhao, L Zhou, Qi Zhong, R Lan, Leo ZhangLeo Zhang
Recently, deep learning has made significant inroads into the Internet of Things due to its great potential for processing big data. Backdoor attacks, which try to influence model prediction on specific inputs, have become a serious threat to deep neural network models. However, because the poisoned data used to plant a backdoor into the victim model typically follows a fixed specific pattern, most existing backdoor attacks can be readily prevented by common defense. In this paper, we leverage natural behavior and present a stealthy backdoor attack for image classification tasks: the raindrop backdoor attack (RDBA). We use raindrops as the backdoor trigger, and they are naturally merged with clean instances to synthesize poisoned data that are close to their natural counterparts in the rain. The raindrops dispersed over images are more diversified than the triggers in the literature, which are fixed, confined, and unpleasant patterns to the host content, making the triggers more stealthy. Extensive experiments on ImageNet and GTSRB datasets demonstrate the fidelity, effectiveness, stealthiness, and sustainability of RDBA in attacking models with current popular defense mechanisms.

History

Journal

Security and Communication Networks

Volume

2022

Article number

4593002

Pagination

1 - 11

Publisher

Hindawi

Location

Cairo, Egypt

ISSN

1939-0114

eISSN

1939-0122

Language

eng

Publication classification

C1 Refereed article in a scholarly journal

Usage metrics

    Research Publications

    Exports

    RefWorks
    BibTeX
    Ref. manager
    Endnote
    DataCite
    NLM
    DC