Affiliation:
1. Guangxi Key Laboratory of Image and Graphic Intelligent Processing, Guilin University of Electronic Technology, Guilin 541004, China
2. School of Information Technology, Deakin University, Geelong, VIC 3216, Australia
Abstract
Recently, deep learning has made significant inroads into the Internet of Things due to its great potential for processing big data. Backdoor attacks, which try to influence model prediction on specific inputs, have become a serious threat to deep neural network models. However, because the poisoned data used to plant a backdoor into the victim model typically follows a fixed specific pattern, most existing backdoor attacks can be readily prevented by common defense. In this paper, we leverage natural behavior and present a stealthy backdoor attack for image classification tasks: the raindrop backdoor attack (RDBA). We use raindrops as the backdoor trigger, and they are naturally merged with clean instances to synthesize poisoned data that are close to their natural counterparts in the rain. The raindrops dispersed over images are more diversified than the triggers in the literature, which are fixed, confined, and unpleasant patterns to the host content, making the triggers more stealthy. Extensive experiments on ImageNet and GTSRB datasets demonstrate the fidelity, effectiveness, stealthiness, and sustainability of RDBA in attacking models with current popular defense mechanisms.
Funder
National Natural Science Foundation of China
Subject
Computer Networks and Communications,Information Systems
Reference33 articles.
1. NuScenes: a multimodal dataset for autonomous driving;H. Caesar
2. Rethinking the Inception Architecture for Computer Vision
3. Second-Order Attention Network for Single Image Super-Resolution
4. An analysis of early use of deep learning terms in natural language processing;B. Dalbelo Bašić
5. BERT: pre-training of deep bidirectional transformers for language understanding;J. Devlin
Cited by
6 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献