English
Related papers

Related papers: Defending Against Patch-based Backdoor Attacks on …

200 papers

To promote secure and private artificial intelligence (SPAI), we review studies on the model security and data privacy of DNNs. Model security allows system to behave as intended without being affected by malicious external influences that…

Cryptography and Security · Computer Science 2021-03-11 Ho Bae , Jaehee Jang , Dahuin Jung , Hyemi Jang , Heonseok Ha , Hyungyu Lee , Sungroh Yoon

Federated Learning (FL) allows multiple clients to collaboratively train a Neural Network (NN) model on their private data without revealing the data. Recently, several targeted poisoning attacks against FL have been introduced. These…

Cryptography and Security · Computer Science 2022-01-04 Phillip Rieger , Thien Duc Nguyen , Markus Miettinen , Ahmad-Reza Sadeghi

Semi-supervised Federated Learning (SSFL) has recently drawn much attention due to its practical consideration, i.e., the clients may only have unlabeled data. In practice, these SSFL systems implement semi-supervised training by assigning…

Machine Learning · Computer Science 2022-05-10 Yi Liu , Xingliang Yuan , Ruihui Zhao , Cong Wang , Dusit Niyato , Yefeng Zheng

Deep image classification models trained on vast amounts of web-scraped data are susceptible to data poisoning - a mechanism for backdooring models. A small number of poisoned samples seen during training can severely undermine a model's…

Cryptography and Security · Computer Science 2023-06-30 Nils Lukas , Florian Kerschbaum

Deep learning models have recently shown to be vulnerable to backdoor poisoning, an insidious attack where the victim model predicts clean images correctly but classifies the same images as the target class when a trigger poison pattern is…

Computer Vision and Pattern Recognition · Computer Science 2019-11-20 Alvin Chan , Yew-Soon Ong

Federated Learning (FL) is a decentralized machine learning method that enables participants to collaboratively train a model without sharing their private data. Despite its privacy and scalability benefits, FL is susceptible to backdoor…

Cryptography and Security · Computer Science 2024-09-11 Yujie Zhang , Neil Gong , Michael K. Reiter

Backdoor attacks poison the training data, causing the model to behave normally on clean inputs but predict attacker-chosen labels when trigger patterns are embedded into the input samples. Defending against such attacks is highly…

Cryptography and Security · Computer Science 2026-04-28 Wei Guo , Maura Pintor , Ambra Demontis , Battista Biggio

Backdoor attack is a major threat to deep learning systems in safety-critical scenarios, which aims to trigger misbehavior of neural network models under attacker-controlled conditions. However, most backdoor attacks have to modify the…

Machine Learning · Computer Science 2023-08-24 Yizhen Yuan , Rui Kong , Shenghao Xie , Yuanchun Li , Yunxin Liu

Recent studies have revealed a security threat to natural language processing (NLP) models, called the Backdoor Attack. Victim models can maintain competitive performance on clean samples while behaving abnormally on samples with a specific…

Computation and Language · Computer Science 2021-03-30 Wenkai Yang , Lei Li , Zhiyuan Zhang , Xuancheng Ren , Xu Sun , Bin He

Neural networks are widely known to be vulnerable to backdoor attacks, a method that poisons a portion of the training data to make the target model perform well on normal data sets, while outputting attacker-specified or random categories…

Computer Vision and Pattern Recognition · Computer Science 2024-06-07 Yong Li , Han Gao

Due to the popularity of Artificial Intelligence (AI) techniques, we are witnessing an increasing number of backdoor injection attacks that are designed to maliciously threaten Deep Neural Networks (DNNs) causing misclassification. Although…

Machine Learning · Computer Science 2022-05-18 Zhihao Yue , Jun Xia , Zhiwei Ling , Ming Hu , Ting Wang , Xian Wei , Mingsong Chen

Deep neural networks (DNNs) are vulnerable to backdoor attacks, where an attacker manipulates a small portion of the training data to implant hidden backdoors into the model. The compromised model behaves normally on clean samples but…

Cryptography and Security · Computer Science 2026-02-20 Ting Qiao , Yingjia Wang , Xing Liu , Sixing Wu , Jianbin Li , Yiming Li

Split learning is a collaborative learning design that allows several participants (clients) to train a shared model while keeping their datasets private. Recent studies demonstrate that collaborative learning models, specifically federated…

Cryptography and Security · Computer Science 2023-05-29 Behrad Tajalli , Oguzhan Ersoy , Stjepan Picek

Self-supervised learning (SSL) is pervasively exploited in training high-quality upstream encoders with a large amount of unlabeled data. However, it is found to be susceptible to backdoor attacks merely via polluting a small portion of…

Machine Learning · Computer Science 2025-03-21 Sizai Hou , Songze Li , Duanyi Yao

Modern NLP models are often trained on public datasets drawn from diverse sources, rendering them vulnerable to data poisoning attacks. These attacks can manipulate the model's behavior in ways engineered by the attacker. One such tactic…

Computation and Language · Computer Science 2024-05-21 Xuanli He , Qiongkai Xu , Jun Wang , Benjamin I. P. Rubinstein , Trevor Cohn

Multimodal contrastive learning uses various data modalities to create high-quality features, but its reliance on extensive data sources on the Internet makes it vulnerable to backdoor attacks. These attacks insert malicious behaviors…

Cryptography and Security · Computer Science 2024-10-01 Kuanrong Liu , Siyuan Liang , Jiawei Liang , Pengwen Dai , Xiaochun Cao

Spiking Neural Networks (SNNs), the third generation neural networks, are known for their low energy consumption and high robustness. SNNs are developing rapidly and can compete with Artificial Neural Networks (ANNs) in many fields. To…

Cryptography and Security · Computer Science 2024-09-25 Lingxin Jin , Meiyu Lin , Wei Jiang , Jinyu Zhan

Masked image modeling (MIM) revolutionizes self-supervised learning (SSL) for image pre-training. In contrast to previous dominating self-supervised methods, i.e., contrastive learning, MIM attains state-of-the-art performance by masking…

Cryptography and Security · Computer Science 2022-10-05 Xinyue Shen , Xinlei He , Zheng Li , Yun Shen , Michael Backes , Yang Zhang

Recent studies have shown that deep neural networks (DNNs) are vulnerable to backdoor attacks, where a designed trigger is injected into the dataset, causing erroneous predictions when activated. In this paper, we propose a novel defense…

Machine Learning · Computer Science 2025-08-08 Wenjie Huo , Katinka Wolter

Backdoor attacks are dangerous and difficult to prevent in federated learning (FL), where training data is sourced from untrusted clients over long periods of time. These difficulties arise because: (a) defenders in FL do not have access to…

Machine Learning · Computer Science 2023-02-01 Shuaiqi Wang , Jonathan Hayase , Giulia Fanti , Sewoong Oh