English
Related papers

Related papers: Clean-Label Physical Backdoor Attacks with Data Di…

200 papers

Targeted clean-label data poisoning is a type of adversarial attack on machine learning systems in which an adversary injects a few correctly-labeled, minimally-perturbed samples into the training data, causing a model to misclassify a…

Machine Learning · Computer Science 2020-08-14 Neehar Peri , Neal Gupta , W. Ronny Huang , Liam Fowl , Chen Zhu , Soheil Feizi , Tom Goldstein , John P. Dickerson

Deep neural networks (DNNs) are vulnerable to backdoor attack, which does not affect the network's performance on clean data but would manipulate the network behavior once a trigger pattern is added. Existing defense methods have greatly…

Machine Learning · Computer Science 2025-04-08 Min Liu , Alberto Sangiovanni-Vincentelli , Xiangyu Yue

Deep Neural Networks (DNNs) are susceptible to backdoor attacks, where adversaries poison training data to implant backdoor into the victim model. Current backdoor defenses on poisoned data often suffer from high computational costs or low…

Multimedia · Computer Science 2025-07-28 Binyan Xu , Fan Yang , Xilin Dai , Di Tang , Kehuan Zhang

Graph Neural Networks (GNNs) have demonstrated strong performance across tasks such as node classification, link prediction, and graph classification, but remain vulnerable to backdoor attacks that implant imperceptible triggers during…

Machine Learning · Computer Science 2025-12-16 Xiaobao Wang , Ruoxiao Sun , Yujun Zhang , Bingdao Feng , Dongxiao He , Luzhi Wang , Di Jin

Recently, backdoor attacks pose a new security threat to the training process of deep neural networks (DNNs). Attackers intend to inject hidden backdoors into DNNs, such that the attacked model performs well on benign samples, whereas its…

Cryptography and Security · Computer Science 2021-08-16 Yuezun Li , Yiming Li , Baoyuan Wu , Longkang Li , Ran He , Siwei Lyu

Backdoor attacks aim to inject a backdoor into a classifier such that it predicts any input with an attacker-chosen backdoor trigger as an attacker-chosen target class. Existing backdoor attacks require either retraining the classifier with…

Cryptography and Security · Computer Science 2024-12-10 Bochuan Cao , Jinyuan Jia , Chuxuan Hu , Wenbo Guo , Zhen Xiang , Jinghui Chen , Bo Li , Dawn Song

To gather a significant quantity of annotated training data for high-performance image classification models, numerous companies opt to enlist third-party providers to label their unlabeled data. This practice is widely regarded as secure,…

Computer Vision and Pattern Recognition · Computer Science 2025-11-11 Dazhong Rong , Guoyao Yu , Shuheng Shen , Xinyi Fu , Peng Qian , Jianhai Chen , Qinming He , Xing Fu , Weiqiang Wang

Backdoor attacks pose serious security threats to deep neural networks (DNNs). Backdoored models make arbitrarily (targeted) incorrect predictions on inputs embedded with well-designed triggers while behaving normally on clean inputs. Many…

Cryptography and Security · Computer Science 2023-07-21 Yudong Gao , Honglong Chen , Peng Sun , Junjian Li , Anqing Zhang , Zhibo Wang

Clean-label poisoning attacks inject innocuous looking (and "correctly" labeled) poison images into training data, causing a model to misclassify a targeted image after being trained on this data. We consider transferable poisoning attacks…

Machine Learning · Statistics 2019-05-17 Chen Zhu , W. Ronny Huang , Ali Shafahi , Hengduo Li , Gavin Taylor , Christoph Studer , Tom Goldstein

Outsourced deep neural networks have been demonstrated to suffer from patch-based trojan attacks, in which an adversary poisons the training sets to inject a backdoor in the obtained model so that regular inputs can be still labeled…

Cryptography and Security · Computer Science 2022-05-17 Ying He , Zhili Shen , Chang Xia , Jingyu Hua , Wei Tong , Sheng Zhong

Deep learning-based lane detection (LD) plays a critical role in autonomous driving and advanced driver assistance systems. However, its vulnerability to backdoor attacks presents a significant security concern. Existing backdoor attack…

Cryptography and Security · Computer Science 2026-03-26 Yifan Liao , Yuxin Cao , Yedi Zhang , Wentao He , Yan Xiao , Xianglong Du , Zhiyong Huang , Jin Song Dong

Deep learning models have consistently outperformed traditional machine learning models in various classification tasks, including image classification. As such, they have become increasingly prevalent in many real world applications…

Cryptography and Security · Computer Science 2018-08-31 Cong Liao , Haoti Zhong , Anna Squicciarini , Sencun Zhu , David Miller

Deep learning models have achieved high performance on many tasks, and thus have been applied to many security-critical scenarios. For example, deep learning-based face recognition systems have been used to authenticate users to access many…

Cryptography and Security · Computer Science 2017-12-18 Xinyun Chen , Chang Liu , Bo Li , Kimberly Lu , Dawn Song

With the rapid advancement of image generative models, generative data augmentation has become an effective way to enrich training images, especially when only small-scale datasets are available. At the same time, in practical applications,…

Computer Vision and Pattern Recognition · Computer Science 2026-02-04 Ting Xiang , Jinhui Zhao , Changjian Chen , Zhuo Tang

Dataset distillation (DD) enhances training efficiency and reduces bandwidth by condensing large datasets into smaller synthetic ones. It enables models to achieve performance comparable to those trained on the raw full dataset and has…

Cryptography and Security · Computer Science 2025-02-07 Ziyuan Yang , Ming Yan , Yi Zhang , Joey Tianyi Zhou

Backdoor attacks on deep neural networks have emerged as significant security threats, especially as DNNs are increasingly deployed in security-critical applications. However, most existing works assume that the attacker has access to the…

Cryptography and Security · Computer Science 2024-08-22 Jiahao Wang , Xianglong Zhang , Xiuzhen Cheng , Pengfei Hu , Guoming Zhang

By injecting a small number of poisoned samples into the training set, backdoor attacks aim to make the victim model produce designed outputs on any input injected with pre-designed backdoors. In order to achieve a high attack success rate…

Cryptography and Security · Computer Science 2024-07-23 Minlong Peng , Zidi Xiong , Quang H. Nguyen , Mingming Sun , Khoa D. Doan , Ping Li

Backdoor attack intends to inject hidden backdoor into the deep neural networks (DNNs), such that the prediction of infected models will be maliciously changed if the hidden backdoor is activated by the attacker-defined trigger. Currently,…

Cryptography and Security · Computer Science 2021-04-27 Yiming Li , Tongqing Zhai , Yong Jiang , Zhifeng Li , Shu-Tao Xia

3D deep learning has been increasingly more popular for a variety of tasks including many safety-critical applications. However, recently several works raise the security issues of 3D deep models. Although most of them consider adversarial…

Machine Learning · Computer Science 2025-05-09 Xinke Li , Zhirui Chen , Yue Zhao , Zekun Tong , Yabang Zhao , Andrew Lim , Joey Tianyi Zhou

The financial industry relies on deep learning models for making important decisions. This adoption brings new danger, as deep black-box models are known to be vulnerable to adversarial attacks. In computer vision, one can shape the output…

Machine Learning · Computer Science 2024-08-27 Alina Ermilova , Elizaveta Kovtun , Dmitry Berestnev , Alexey Zaytsev