English
Related papers

Related papers: When Backdoors Go Beyond Triggers: Semantic Drift …

200 papers

Federated learning security research has predominantly focused on backdoor threats from a minority of malicious clients that intentionally corrupt model updates. This paper challenges this paradigm by investigating a more pervasive and…

Cryptography and Security · Computer Science 2026-02-18 Haodong Zhao , Jinming Hu , Gongshen Liu

Early research into data poisoning attacks against Large Language Models (LLMs) demonstrated the ease with which backdoors could be injected. More recent LLMs add step-by-step reasoning, expanding the attack surface to include the…

Cryptography and Security · Computer Science 2025-09-09 Hanna Foerster , Ilia Shumailov , Yiren Zhao , Harsh Chaudhari , Jamie Hayes , Robert Mullins , Yarin Gal

Backdoor attacks are rapidly emerging threats to deep neural networks (DNNs). In the backdoor attack scenario, attackers usually implant the backdoor into the target model by manipulating the training dataset or training process. Then, the…

Cryptography and Security · Computer Science 2022-05-09 Nan Zhong , Zhenxing Qian , Xinpeng Zhang

Backdoor data poisoning, inserted within instruction examples used to fine-tune a foundation Large Language Model (LLM) for downstream tasks (\textit{e.g.,} sentiment prediction), is a serious security concern due to the evasive nature of…

Cryptography and Security · Computer Science 2024-08-23 Jayaram Raghuram , George Kesidis , David J. Miller

Semantic communications seeks to transfer information from a source while conveying a desired meaning to its destination. We model the transmitter-receiver functionalities as an autoencoder followed by a task classifier that evaluates the…

Cryptography and Security · Computer Science 2022-12-21 Yalin E. Sagduyu , Tugba Erpek , Sennur Ulukus , Aylin Yener

Backdoor and data-poisoning attacks can flip predictions with tiny training corruptions, yet a sharp theory linking poisoning strength, overparameterization, and regularization is lacking. We analyze ridge least squares with an unpenalized…

Machine Learning · Statistics 2026-01-06 Donald Flynn , Diego Granziol

Self-supervised learning (SSL) is pervasively exploited in training high-quality upstream encoders with a large amount of unlabeled data. However, it is found to be susceptible to backdoor attacks merely via polluting a small portion of…

Machine Learning · Computer Science 2025-03-21 Sizai Hou , Songze Li , Duanyi Yao

Deep neural networks are vulnerable to adversarial attacks, such as backdoor attacks in which a malicious adversary compromises a model during training such that specific behaviour can be triggered at test time by attaching a specific word…

Cryptography and Security · Computer Science 2022-10-21 You Guo , Jun Wang , Trevor Cohn

As text-to-image diffusion models become increasingly deployed in real-world applications, concerns about backdoor attacks have gained significant attention. Prior work on text-based backdoor attacks has largely focused on diffusion models…

Machine Learning · Computer Science 2026-03-05 Ziyuan Chen , Yujin Jeong , Tobias Braun , Anna Rohrbach

The rise in popularity of text-to-image generative artificial intelligence (AI) has attracted widespread public interest. We demonstrate that this technology can be attacked to generate content that subtly manipulates its users. We propose…

Computer Vision and Pattern Recognition · Computer Science 2023-09-06 Jordan Vice , Naveed Akhtar , Richard Hartley , Ajmal Mian

Backdoor attacks embed malicious triggers into training data, enabling attackers to manipulate neural network behavior during inference while maintaining high accuracy on benign inputs. However, existing backdoor attacks face limitations…

Cryptography and Security · Computer Science 2025-05-27 Zhou Feng , Jiahao Chen , Chunyi Zhou , Yuwen Pu , Qingming Li , Shouling Ji

Deep learning models are susceptible to {\em backdoor attacks} involving malicious attackers perturbing a small subset of training data with a {\em trigger} to causes misclassifications. Various triggers have been used, including semantic…

Computer Vision and Pattern Recognition · Computer Science 2025-03-28 Venkat Adithya Amula , Sunayana Samavedam , Saurabh Saini , Avani Gupta , Narayanan P J

Recent studies have shown that Large Language Models (LLMs) are vulnerable to data poisoning attacks, where malicious training examples embed hidden behaviours triggered by specific input patterns. However, most existing works assume a…

Computation and Language · Computer Science 2025-10-10 Sanhanat Sivapiromrat , Caiqi Zhang , Marco Basaldella , Nigel Collier

Backdoor attack intends to inject hidden backdoor into the deep neural networks (DNNs), such that the prediction of infected models will be maliciously changed if the hidden backdoor is activated by the attacker-defined trigger. Currently,…

Cryptography and Security · Computer Science 2021-04-27 Yiming Li , Tongqing Zhai , Yong Jiang , Zhifeng Li , Shu-Tao Xia

Trojan (backdoor) attack is a form of adversarial attack on deep neural networks where the attacker provides victims with a model trained/retrained on malicious data. The backdoor can be activated when a normal input is stamped with a…

Machine Learning · Computer Science 2021-01-05 Siyuan Cheng , Yingqi Liu , Shiqing Ma , Xiangyu Zhang

Deep neural networks (DNNs) have been proven vulnerable to backdoor attacks, where hidden features (patterns) trained to a normal model, which is only activated by some specific input (called triggers), trick the model into producing…

Cryptography and Security · Computer Science 2020-09-01 Shaofeng Li , Minhui Xue , Benjamin Zi Hao Zhao , Haojin Zhu , Xinpeng Zhang

Backdoor attacks mislead machine-learning models to output an attacker-specified class when presented a specific trigger at test time. These attacks require poisoning the training data to compromise the learning algorithm, e.g., by…

Machine Learning · Computer Science 2021-11-03 Kathrin Grosse , Taesung Lee , Battista Biggio , Youngja Park , Michael Backes , Ian Molloy

When a small number of poisoned samples are injected into the training dataset of a deep neural network, the network can be induced to exhibit malicious behavior during inferences, which poses potential threats to real-world applications.…

Computer Vision and Pattern Recognition · Computer Science 2024-04-18 Haoheng Lan , Jindong Gu , Philip Torr , Hengshuang Zhao

Deep neural networks (DNNs) are vulnerable to backdoor attacks. The backdoor adversaries intend to maliciously control the predictions of attacked DNNs by injecting hidden backdoors that can be activated by adversary-specified trigger…

Cryptography and Security · Computer Science 2023-03-07 Tong Xu , Yiming Li , Yong Jiang , Shu-Tao Xia

Self-supervised and multimodal vision encoders learn strong visual representations that are widely adopted in downstream vision tasks and large vision-language models (LVLMs). However, downstream users often rely on third-party pretrained…

Computer Vision and Pattern Recognition · Computer Science 2026-03-17 Siquan Huang , Yijiang Li , Ningzhi Gao , Xingfu Yan , Leyu Shi , Ying Gao