English
Related papers

Related papers: Poisoning and Backdooring Contrastive Learning

200 papers

Two widely used techniques for training supervised machine learning models on small datasets are Active Learning and Transfer Learning. The former helps to optimally use a limited budget to label new data. The latter uses large pre-trained…

Machine Learning · Computer Science 2021-01-28 Nicolas M. Müller , Konstantin Böttinger

At present, backdoor attacks attract attention as they do great harm to deep learning models. The adversary poisons the training data making the model being injected with a backdoor after being trained unconsciously by victims using the…

Cryptography and Security · Computer Science 2023-03-06 Shengfang Zhai , Qingni Shen , Xiaoyi Chen , Weilong Wang , Cong Li , Yuejian Fang , Zhonghai Wu

Recently, self-supervised learning (SSL) was shown to be vulnerable to patch-based data poisoning backdoor attacks. It was shown that an adversary can poison a small part of the unlabeled data so that when a victim trains an SSL model on…

Computer Vision and Pattern Recognition · Computer Science 2023-04-05 Ajinkya Tejankar , Maziar Sanjabi , Qifan Wang , Sinong Wang , Hamed Firooz , Hamed Pirsiavash , Liang Tan

Pre-trained large models for multimodal contrastive learning, such as CLIP, have been widely recognized in the industry as highly susceptible to data-poisoned backdoor attacks. This poses significant risks to downstream model training. In…

Computer Vision and Pattern Recognition · Computer Science 2024-11-18 Yuan Xun , Siyuan Liang , Xiaojun Jia , Xinwei Liu , Xiaochun Cao

We investigate security concerns of the emergent instruction tuning paradigm, that models are trained on crowdsourced datasets with task instructions to achieve superior performance. Our studies demonstrate that an attacker can inject…

Computation and Language · Computer Science 2024-04-04 Jiashu Xu , Mingyu Derek Ma , Fei Wang , Chaowei Xiao , Muhao Chen

While multimodal contrastive learning methods (e.g., CLIP) can achieve impressive zero-shot classification performance, recent research has revealed that these methods are vulnerable to backdoor attacks. To defend against backdoor attacks…

Computer Vision and Pattern Recognition · Computer Science 2025-09-23 Yuwei Niu , Shuo He , Qi Wei , Zongyu Wu , Feng Liu , Lei Feng

Backdoor attacks represent a subtle yet effective class of cyberattacks targeting AI models, primarily due to their stealthy nature. The model behaves normally on clean data but exhibits malicious behavior only when the attacker embeds a…

Machine Learning · Computer Science 2025-09-29 Sujeevan Aseervatham , Achraf Kerzazi , Younès Bennani

The learning objective of vision-language approach of CLIP does not effectively account for the noisy many-to-many correspondences found in web-harvested image captioning datasets, which contributes to its compute and data inefficiency. To…

Computer Vision and Pattern Recognition · Computer Science 2022-04-12 Alex Andonian , Shixing Chen , Raffay Hamid

Backdoor data poisoning attacks have recently been demonstrated in computer vision research as a potential safety risk for machine learning (ML) systems. Traditional data poisoning attacks manipulate training data to induce unreliability of…

Computer Vision and Pattern Recognition · Computer Science 2020-04-27 Loc Truong , Chace Jones , Brian Hutchinson , Andrew August , Brenda Praggastis , Robert Jasper , Nicole Nichols , Aaron Tuor

Backdoor attacks are emerging threats to deep neural networks, which typically embed malicious behaviors into a victim model by injecting poisoned samples. Adversaries can activate the injected backdoor during inference by presenting the…

Cryptography and Security · Computer Science 2025-12-05 Bingyin Zhao , Yingjie Lao

Prompt-based learning paradigm has demonstrated remarkable efficacy in enhancing the adaptability of pretrained language models (PLMs), particularly in few-shot scenarios. However, this learning paradigm has been shown to be vulnerable to…

Machine Learning · Computer Science 2024-04-02 Xiaopeng Xie , Ming Yan , Xiwen Zhou , Chenlong Zhao , Suli Wang , Yong Zhang , Joey Tianyi Zhou

Large amounts of incremental learning algorithms have been proposed to alleviate the catastrophic forgetting issue arises while dealing with sequential data on a time series. However, the adversarial robustness of incremental learners has…

Cryptography and Security · Computer Science 2023-05-31 Yiqi Zhong , Xianming Liu , Deming Zhai , Junjun Jiang , Xiangyang Ji

Deep learning models are often trained on distributed, web-scale datasets crawled from the internet. In this paper, we introduce two new dataset poisoning attacks that intentionally introduce malicious examples to a model's performance. Our…

Neural networks are widely known to be vulnerable to backdoor attacks, a method that poisons a portion of the training data to make the target model perform well on normal data sets, while outputting attacker-specified or random categories…

Computer Vision and Pattern Recognition · Computer Science 2024-06-07 Yong Li , Han Gao

Backdoor attacks change a small portion of training data by introducing hand-crafted triggers and rewiring the corresponding labels towards a desired target class. Training on such data injects a backdoor which causes malicious inference in…

Machine Learning · Computer Science 2024-09-05 Ivan Sabolić , Ivan Grubišić , Siniša Šegvić

Backdoor attacks against CNNs represent a new threat against deep learning systems, due to the possibility of corrupting the training set so to induce an incorrect behaviour at test time. To avoid that the trainer recognises the presence of…

Cryptography and Security · Computer Science 2019-03-01 Mauro Barni , Kassem Kallas , Benedetta Tondi

Modern NLP models are often trained over large untrusted datasets, raising the potential for a malicious adversary to compromise model behaviour. For instance, backdoors can be implanted through crafting training instances with a specific…

Computation and Language · Computer Science 2023-10-23 Xuanli He , Qiongkai Xu , Jun Wang , Benjamin Rubinstein , Trevor Cohn

Data poisoning is an attack on machine learning models wherein the attacker adds examples to the training set to manipulate the behavior of the model at test time. This paper explores poisoning attacks on neural nets. The proposed attacks…

Machine Learning · Computer Science 2018-11-13 Ali Shafahi , W. Ronny Huang , Mahyar Najibi , Octavian Suciu , Christoph Studer , Tudor Dumitras , Tom Goldstein

Under a commonly-studied backdoor poisoning attack against classification models, an attacker adds a small trigger to a subset of the training data, such that the presence of this trigger at test time causes the classifier to always predict…

Machine Learning · Computer Science 2021-10-06 Mingjie Sun , Siddhant Agarwal , J. Zico Kolter

Backdoor attacks threaten the deep learning supply chain by poisoning a small fraction of the training data so that a model behaves normally on clean inputs but misclassifies trigger-carrying inputs to an attacker-chosen target class.…

Cryptography and Security · Computer Science 2026-05-05 Yi Yang , Jinyang Huang , Binbin Liu , Feng-Qi Cui , Xiaokang Zhou , Zhi Liu , Jie Zhang , Meng Li