TL;DR
Poison Ink introduces a robust, invisible backdoor attack method that leverages image structures and deep embedding to achieve high stealthiness and resistance against defenses across various datasets and models.
Contribution
The paper proposes Poison Ink, a novel backdoor attack that is both robust to data transformations and invisible, outperforming existing methods in stealthiness and resilience.
Findings
Outperforms existing backdoor methods in stealthiness and robustness.
Effective across multiple datasets and neural network architectures.
Resistant to many state-of-the-art defense techniques.
Abstract
Recent research shows deep neural networks are vulnerable to different types of attacks, such as adversarial attacks, data poisoning attacks and backdoor attacks. Among them, the backdoor attack is the most cunning one and can occur in almost every stage of the deep learning pipeline. Therefore, the backdoor attack has attracted lots of interest from both academia and industry. However, most existing backdoor attack methods are either visible or fragile to some effortless pre-processing such as common data transformations. To address these limitations, we propose a robust and invisible backdoor attack called "Poison Ink". Concretely, we first leverage the image structures as target poisoning areas, and fill them with poison ink (information) to generate the trigger pattern. As the image structure can keep its semantic meaning during the data transformation, such a trigger pattern is inherently robust…
