TL;DR
This paper explores the vulnerability of deep learning crowd counting models to novel backdoor attacks that manipulate density estimations, revealing key factors for effective attacks and evaluating their success across multiple models and datasets.
Contribution
It introduces two new backdoor attack methods tailored for regression crowd counting models, addressing their unique output structure and demonstrating their effectiveness.
Findings
DMBA attacks successfully manipulate density estimates in five models
Full, dense triggers are essential for effective backdoor attacks
Manipulating ground truth densities is a key attack element
Abstract
Crowd counting is a regression task that estimates the number of people in a scene image, which plays a vital role in a range of safety-critical applications, such as video surveillance, traffic monitoring and flow control. In this paper, we investigate the vulnerability of deep learning based crowd counting models to backdoor attacks, a major security threat to deep learning. A backdoor attack implants a backdoor trigger into a target model via data poisoning so as to control the model's predictions at test time. Different from image classification models on which most of existing backdoor attacks have been developed and tested, crowd counting models are regression models that output multi-dimensional density maps, thus requiring different techniques to manipulate. In this paper, we propose two novel Density Manipulation Backdoor Attacks (DMBA and DMBA) to attack the…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Code & Models
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
MethodsTest
