English
Related papers

Related papers: Hiding Behind Backdoors: Self-Obfuscation Against …

200 papers

Backdoor attack intends to embed hidden backdoor into deep neural networks (DNNs), so that the attacked models perform well on benign samples, whereas their predictions will be maliciously changed if the hidden backdoor is activated by…

Cryptography and Security · Computer Science 2022-02-17 Yiming Li , Yong Jiang , Zhifeng Li , Shu-Tao Xia

The growing dependence on machine learning in real-world applications emphasizes the importance of understanding and ensuring its safety. Backdoor attacks pose a significant security risk due to their stealthy nature and potentially serious…

Cryptography and Security · Computer Science 2023-10-19 Ganghua Wang , Xun Xian , Jayanth Srinivasa , Ashish Kundu , Xuan Bi , Mingyi Hong , Jie Ding

For nearly a decade the academic community has investigated backdoors in neural networks, primarily focusing on classification tasks where adversaries manipulate the model prediction. While demonstrably malicious, the immediate real-world…

Cryptography and Security · Computer Science 2026-03-24 Nicolas Küchler , Ivan Petrov , Conrad Grobler , Ilia Shumailov

The financial industry relies on deep learning models for making important decisions. This adoption brings new danger, as deep black-box models are known to be vulnerable to adversarial attacks. In computer vision, one can shape the output…

Machine Learning · Computer Science 2024-08-27 Alina Ermilova , Elizaveta Kovtun , Dmitry Berestnev , Alexey Zaytsev

Neural networks are known to be vulnerable to adversarial examples, inputs that have been intentionally perturbed to remain visually similar to the source input, but cause a misclassification. It was recently shown that given a dataset and…

Cryptography and Security · Computer Science 2018-01-08 Jamie Hayes , George Danezis

Machine learning is vulnerable to a wide variety of attacks. It is now well understood that by changing the underlying data distribution, an adversary can poison the model trained with it or introduce backdoors. In this paper we present a…

Machine Learning · Computer Science 2021-06-08 Ilia Shumailov , Zakhar Shumaylov , Dmitry Kazhdan , Yiren Zhao , Nicolas Papernot , Murat A. Erdogdu , Ross Anderson

Backdoor attacks represent a subtle yet effective class of cyberattacks targeting AI models, primarily due to their stealthy nature. The model behaves normally on clean data but exhibits malicious behavior only when the attacker embeds a…

Machine Learning · Computer Science 2025-09-29 Sujeevan Aseervatham , Achraf Kerzazi , Younès Bennani

Recent advances in large text-conditional diffusion models have revolutionized image generation by enabling users to create realistic, high-quality images from textual prompts, significantly enhancing artistic creation and visual…

Machine Learning · Computer Science 2025-07-08 Ali Naseh , Jaechul Roh , Eugene Bagdasarian , Amir Houmansadr

Backdoor data poisoning is an emerging form of adversarial attack usually against deep neural network image classifiers. The attacker poisons the training set with a relatively small set of images from one (or several) source class(es),…

Machine Learning · Computer Science 2020-10-16 Zhen Xiang , David J. Miller , George Kesidis

Intent obfuscation is a common tactic in adversarial situations, enabling the attacker to both manipulate the target system and avoid culpability. Surprisingly, it has rarely been implemented in adversarial attacks on machine learning…

Cryptography and Security · Computer Science 2024-08-30 Zhaobin Li , Patrick Shafto

When machine learning training is outsourced to third parties, $backdoor$ $attacks$ become practical as the third party who trains the model may act maliciously to inject hidden behaviors into the otherwise accurate model. Until now, the…

Cryptography and Security · Computer Science 2022-11-16 Sanghyun Hong , Nicholas Carlini , Alexey Kurakin

Production machine learning systems are consistently under attack by adversarial actors. Various deep learning models must be capable of accurately detecting fake or adversarial input while maintaining speed. In this work, we propose one…

Machine Learning · Computer Science 2021-06-15 Matthew Ciolino , Josh Kalin , David Noever

Federated learning is particularly susceptible to model poisoning and backdoor attacks because individual users have direct control over the training data and model updates. At the same time, the attack power of an individual user is…

Machine Learning · Computer Science 2022-10-18 Yuxin Wen , Jonas Geiping , Liam Fowl , Hossein Souri , Rama Chellappa , Micah Goldblum , Tom Goldstein

Deep neural networks are vulnerable to a range of adversaries. A particularly pernicious class of vulnerabilities are backdoors, where model predictions diverge in the presence of subtle triggers in inputs. An attacker can implant a…

Machine Learning · Computer Science 2022-12-20 Goutham Ramakrishnan , Aws Albarghouthi

We introduce camouflaged data poisoning attacks, a new attack vector that arises in the context of machine unlearning and other settings when model retraining may be induced. An adversary first adds a few carefully crafted points to the…

Machine Learning · Computer Science 2024-08-02 Jimmy Z. Di , Jack Douglas , Jayadev Acharya , Gautam Kamath , Ayush Sekhari

We introduce a new attack paradigm that embeds hidden adversarial capabilities directly into diffusion models via fine-tuning, without altering their observable behavior or requiring modifications during inference. Unlike prior approaches…

Machine Learning · Computer Science 2025-04-15 Lucas Beerens , Desmond J. Higham

Malicious agents in collaborative learning and outsourced data collection threaten the training of clean models. Backdoor attacks, where an attacker poisons a model during training to successfully achieve targeted misclassification, are a…

Machine Learning · Computer Science 2022-01-31 Siddhartha Datta , Nigel Shadbolt

The incremental diffusion of machine learning algorithms in supporting cybersecurity is creating novel defensive opportunities but also new types of risks. Multiple researches have shown that machine learning methods are vulnerable to…

Cryptography and Security · Computer Science 2021-06-18 Giovanni Apruzzese , Mauro Andreolini , Luca Ferretti , Mirco Marchetti , Michele Colajanni

Backdoor attacks inject poisoning samples during training, with the goal of forcing a machine learning model to output an attacker-chosen class when presented a specific trigger at test time. Although backdoor attacks have been demonstrated…

Practitioners commonly download pretrained machine learning models from open repositories and finetune them to fit specific applications. We show that this practice introduces a new risk of privacy backdoors. By tampering with a pretrained…

Cryptography and Security · Computer Science 2024-04-02 Shanglun Feng , Florian Tramèr