English
Related papers

Related papers: When Backdoors Go Beyond Triggers: Semantic Drift …

200 papers

This paper analyzes the impact of causal manner in the text encoder of text-to-image (T2I) diffusion models, which can lead to information bias and loss. Previous works have focused on addressing the issues through the denoising process.…

Computer Vision and Pattern Recognition · Computer Science 2024-11-11 Chieh-Yun Chen , Chiang Tseng , Li-Wu Tsao , Hong-Han Shuai

Interpretability is crucial to understand the inner workings of deep neural networks (DNNs) and many interpretation methods generate saliency maps that highlight parts of the input image that contribute the most to the prediction made by…

Cryptography and Security · Computer Science 2022-07-21 Shihong Fang , Anna Choromanska

Backdoor attacks creating 'sleeper agents' in large language models (LLMs) pose significant safety risks. This study employs mechanistic interpretability to explore resulting internal structural differences. Comparing clean Qwen2.5-3B…

Computation and Language · Computer Science 2025-08-25 Mohammed Abu Baker , Lakshmi Babu-Saheer

Diffusion models (DMs) are advanced deep learning models that achieved state-of-the-art capability on a wide range of generative tasks. However, recent studies have shown their vulnerability regarding backdoor attacks, in which backdoored…

Artificial Intelligence · Computer Science 2024-09-24 Vu Tuan Truong , Long Bao Le

Code LLMs are increasingly employed in software development. However, studies have shown that they are vulnerable to backdoor attacks: when a trigger (a specific input pattern) appears in the input, the backdoor will be activated and cause…

Cryptography and Security · Computer Science 2025-10-07 Chenyu Wang , Zhou Yang , Yaniv Harel , David Lo

Deep neural networks (DNNs) have gain its popularity in various scenarios in recent years. However, its excellent ability of fitting complex functions also makes it vulnerable to backdoor attacks. Specifically, a backdoor can remain hidden…

Cryptography and Security · Computer Science 2023-05-18 Xinrui Liu , Yu-an Tan , Yajie Wang , Kefan Qiu , Yuanzhang Li

Pervasive backdoors are triggered by dynamic and pervasive input perturbations. They can be intentionally injected by attackers or naturally exist in normally trained models. They have a different nature from the traditional static and…

Cryptography and Security · Computer Science 2022-06-22 Guanhong Tao , Yingqi Liu , Siyuan Cheng , Shengwei An , Zhuo Zhang , Qiuling Xu , Guangyu Shen , Xiangyu Zhang

Poisoning-based backdoor attacks pose significant threats to deep neural networks by embedding triggers in training data, causing models to misclassify triggered inputs as adversary-specified labels while maintaining performance on clean…

Cryptography and Security · Computer Science 2026-04-24 Yuchen Shi , Xin Guo , Huajie Chen , Tianqing Zhu , Bo Liu , Wanlei Zhou

Architectural obfuscation - e.g., permuting hidden-state tensors, linearly transforming embedding tables, or remapping tokens - has recently gained traction as a lightweight substitute for heavyweight cryptography in privacy-preserving…

Cryptography and Security · Computer Science 2025-06-24 Marcos Florencio , Thomas Barton

Detecting whether a model has been poisoned is a longstanding problem in AI security. In this work, we present a practical scanner for identifying sleeper agent-style backdoors in causal language models. Our approach relies on two key…

Cryptography and Security · Computer Science 2026-02-04 Blake Bullwinkel , Giorgio Severi , Keegan Hines , Amanda Minnich , Ram Shankar Siva Kumar , Yonatan Zunger

Text-to-image (T2I) models can effectively capture the content or style of reference images to perform high-quality customization. A representative technique for this is fine-tuning using low-rank adaptations (LoRA), which enables efficient…

Computer Vision and Pattern Recognition · Computer Science 2024-12-13 Geonhui Jang , Jin-Hwa Kim , Yong-Hyun Park , Junho Kim , Gayoung Lee , Yonghyun Jeong

A backdoor attack in deep learning inserts a hidden backdoor in the model to trigger malicious behavior upon specific input patterns. Existing detection approaches assume a metric space (for either the original inputs or their latent…

Cryptography and Security · Computer Science 2023-12-06 Xiaoxing Mo , Yechao Zhang , Leo Yu Zhang , Wei Luo , Nan Sun , Shengshan Hu , Shang Gao , Yang Xiang

Dataset condensation aims to synthesize compact yet informative datasets that retain the training efficacy of full-scale data, offering substantial gains in efficiency. Recent studies reveal that the condensation process can be vulnerable…

Cryptography and Security · Computer Science 2026-04-01 He Yang , Dongyi Lv , Song Ma , Wei Xi , Jizhong Zhao

Clean-image backdoor attacks, which use only label manipulation in training datasets to compromise deep neural networks, pose a significant threat to security-critical applications. A critical flaw in existing methods is that the poison…

Computer Vision and Pattern Recognition · Computer Science 2025-11-12 Binyan Xu , Fan Yang , Di Tang , Xilin Dai , Kehuan Zhang

Under a commonly-studied backdoor poisoning attack against classification models, an attacker adds a small trigger to a subset of the training data, such that the presence of this trigger at test time causes the classifier to always predict…

Machine Learning · Computer Science 2021-10-06 Mingjie Sun , Siddhant Agarwal , J. Zico Kolter

We present BadGD, a unified theoretical framework that exposes the vulnerabilities of gradient descent algorithms through strategic backdoor attacks. Backdoor attacks involve embedding malicious triggers into a training dataset to disrupt…

Machine Learning · Computer Science 2024-05-28 Chi-Hua Wang , Guang Cheng

Deep neural networks (DNNs) have been widely and successfully adopted and deployed in various applications of speech recognition. Recently, a few works revealed that these models are vulnerable to backdoor attacks, where the adversaries can…

Sound · Computer Science 2023-07-18 Hanbo Cai , Pengcheng Zhang , Hai Dong , Yan Xiao , Stefanos Koffas , Yiming Li

Backdoor attacks, in which a model behaves maliciously when given an attacker-specified trigger, pose a major security risk for practitioners who depend on publicly released language models. As a countermeasure, backdoor detection methods…

Computation and Language · Computer Science 2025-09-23 Jun Yan , Wenjie Jacky Mo , Xiang Ren , Robin Jia

Speaker identification (SI) determines a speaker's identity based on their spoken utterances. Previous work indicates that SI deep neural networks (DNNs) are vulnerable to backdoor attacks. Backdoor attacks involve embedding hidden triggers…

Cryptography and Security · Computer Science 2024-09-19 Coen Schoof , Stefanos Koffas , Mauro Conti , Stjepan Picek

Deep neural networks (DNNs) have progressed rapidly during the past decade and have been deployed in various real-world applications. Meanwhile, DNN models have been shown to be vulnerable to security and privacy attacks. One such attack…

Cryptography and Security · Computer Science 2021-10-06 Xiaoyi Chen , Ahmed Salem , Dingfan Chen , Michael Backes , Shiqing Ma , Qingni Shen , Zhonghai Wu , Yang Zhang