English
Related papers

Related papers: A General Framework for Defending Against Backdoor…

200 papers

Most machine learning applications rely on centralized learning processes, opening up the risk of exposure of their training datasets. While federated learning (FL) mitigates to some extent these privacy risks, it relies on a trusted…

Machine Learning · Computer Science 2024-09-18 Georgios Syros , Gokberk Yar , Simona Boboila , Cristina Nita-Rotaru , Alina Oprea

Backdoor attacks change a small portion of training data by introducing hand-crafted triggers and rewiring the corresponding labels towards a desired target class. Training on such data injects a backdoor which causes malicious inference in…

Machine Learning · Computer Science 2024-09-05 Ivan Sabolić , Ivan Grubišić , Siniša Šegvić

Training deep neural networks (DNNs) usually requires massive training data and computational resources. Users who cannot afford this may prefer to outsource training to a third party or resort to publicly available pre-trained models.…

Cryptography and Security · Computer Science 2023-02-27 Najeeb Moharram Jebreel , Josep Domingo-Ferrer , Yiming Li

Deep learning on graph structures has shown exciting results in various applications. However, few attentions have been paid to the robustness of such models, in contrast to numerous research work for image or text adversarial attack and…

Machine Learning · Computer Science 2018-06-08 Hanjun Dai , Hui Li , Tian Tian , Xin Huang , Lin Wang , Jun Zhu , Le Song

Backdoor attacks represent a subtle yet effective class of cyberattacks targeting AI models, primarily due to their stealthy nature. The model behaves normally on clean data but exhibits malicious behavior only when the attacker embeds a…

Machine Learning · Computer Science 2025-09-29 Sujeevan Aseervatham , Achraf Kerzazi , Younès Bennani

Influence operations are large-scale efforts to manipulate public opinion. The rapid detection and disruption of these operations is critical for healthy public discourse. Emergent AI technologies may enable novel operations which evade…

Machine Learning · Computer Science 2023-05-29 Nicholas A. Gabriel , David A. Broniatowski , Neil F. Johnson

Backdoor attack intends to inject hidden backdoor into the deep neural networks (DNNs), such that the prediction of the infected model will be maliciously changed if the hidden backdoor is activated by the attacker-defined trigger, while it…

Cryptography and Security · Computer Science 2021-02-02 Yiming Li , Tongqing Zhai , Baoyuan Wu , Yong Jiang , Zhifeng Li , Shutao Xia

Backdoor attacks pose a significant security risk to graph learning models. Backdoors can be embedded into the target model by inserting backdoor triggers into the training dataset, causing the model to make incorrect predictions when the…

Cryptography and Security · Computer Science 2023-08-09 Zihan Guan , Mengnan Du , Ninghao Liu

Adversarial attacks on deep neural networks traditionally rely on a constrained optimization paradigm, where an optimization procedure is used to obtain a single adversarial perturbation for a given input example. In this work we frame the…

Machine Learning · Computer Science 2020-01-22 Avishek Joey Bose , Andre Cianflone , William L. Hamilton

Web-scraped datasets are vulnerable to data poisoning, which can be used for backdooring deep image classifiers during training. Since training on large datasets is expensive, a model is trained once and re-used many times. Unlike…

Machine Learning · Computer Science 2024-01-23 Benjamin Schneider , Nils Lukas , Florian Kerschbaum

Graph Neural Networks (GNNs) have achieved promising results in various tasks such as node classification and graph classification. Recent studies find that GNNs are vulnerable to adversarial attacks. However, effective backdoor attacks on…

Cryptography and Security · Computer Science 2023-03-03 Enyan Dai , Minhua Lin , Xiang Zhang , Suhang Wang

The widespread adoption of deep learning across various industries has introduced substantial challenges, particularly in terms of model explainability and security. The inherent complexity of deep learning models, while contributing to…

Cryptography and Security · Computer Science 2025-01-08 Kealan Dunnett , Reza Arablouei , Dimity Miller , Volkan Dedeoglu , Raja Jurdak

Modern graph learning systems often combine links with text, as in citation networks with abstracts or social graphs with user posts. In such systems, text is usually easier to edit than graph structure, which creates a practical security…

Machine Learning · Computer Science 2026-03-31 Qi Luo , Minghui Xu , Dongxiao Yu , Xiuzhen Cheng

Machine learning is vulnerable to adversarial manipulation. Previous literature has demonstrated that at the training stage attackers can manipulate data and data sampling procedures to control model behaviour. A common attack goal is to…

Machine Learning · Computer Science 2022-06-17 Mikel Bober-Irizar , Ilia Shumailov , Yiren Zhao , Robert Mullins , Nicolas Papernot

Federated Learning (FL) is a distributed learning paradigm that enables different parties to train a model together for high quality and strong privacy protection. In this scenario, individual participants may get compromised and perform…

Cryptography and Security · Computer Science 2023-03-01 Kaiyuan Zhang , Guanhong Tao , Qiuling Xu , Siyuan Cheng , Shengwei An , Yingqi Liu , Shiwei Feng , Guangyu Shen , Pin-Yu Chen , Shiqing Ma , Xiangyu Zhang

Graph neural networks (GNNs) have achieved remarkable success in relational learning. However, their vulnerability to graph backdoor attacks (GBAs) poses a significant barrier to broader adoption in high-stakes applications. Despite recent…

Cryptography and Security · Computer Science 2026-05-26 Mengting Pan , Fan Li , Chen Chen , Xiaoyang Wang

Textual backdoor attack, as a novel attack model, has been shown to be effective in adding a backdoor to the model during training. Defending against such backdoor attacks has become urgent and important. In this paper, we propose AttDef,…

Computation and Language · Computer Science 2023-08-08 Jiazhao Li , Zhuofeng Wu , Wei Ping , Chaowei Xiao , V. G. Vinod Vydiswaran

Textual backdoor attacks are a kind of practical threat to NLP systems. By injecting a backdoor in the training phase, the adversary could control model predictions via predefined triggers. As various attack and defense models have been…

Machine Learning · Computer Science 2022-11-02 Ganqu Cui , Lifan Yuan , Bingxiang He , Yangyi Chen , Zhiyuan Liu , Maosong Sun

In a federated learning (FL) system, malicious participants can easily embed backdoors into the aggregated model while maintaining the model's performance on the main task. To this end, various defenses, including training stage…

Machine Learning · Computer Science 2023-05-30 Henger Li , Chen Wu , Sencun Zhu , Zizhan Zheng

Extensive research has highlighted the vulnerability of graph neural networks (GNNs) to adversarial attacks, including manipulation, node injection, and the recently emerging threat of backdoor attacks. However, existing defenses typically…

Machine Learning · Computer Science 2025-10-20 Yuyuan Feng , Bin Ma , Enyan Dai