English

Deep Learning Backdoors

Cryptography and Security 2021-02-09 v2 Machine Learning

Abstract

Intuitively, a backdoor attack against Deep Neural Networks (DNNs) is to inject hidden malicious behaviors into DNNs such that the backdoor model behaves legitimately for benign inputs, yet invokes a predefined malicious behavior when its input contains a malicious trigger. The trigger can take a plethora of forms, including a special object present in the image (e.g., a yellow pad), a shape filled with custom textures (e.g., logos with particular colors) or even image-wide stylizations with special filters (e.g., images altered by Nashville or Gotham filters). These filters can be applied to the original image by replacing or perturbing a set of image pixels.

Keywords

Cite

@article{arxiv.2007.08273,
  title  = {Deep Learning Backdoors},
  author = {Shaofeng Li and Shiqing Ma and Minhui Xue and Benjamin Zi Hao Zhao},
  journal= {arXiv preprint arXiv:2007.08273},
  year   = {2021}
}
R2 v1 2026-06-23T17:09:56.025Z