RIBAC: Towards Robust and Imperceptible Backdoor Attack against Compact DNN

TL;DR

This paper introduces RIBAC, a novel backdoor attack method targeting compressed DNNs, achieving high stealthiness, success rate, and efficiency, and demonstrating robustness against defenses.

Contribution

The paper develops a systematic framework for creating imperceptible backdoors in compact DNNs, addressing a gap in security research for compressed models.

Findings

RIBAC achieves high attack success rates on compressed DNNs.

The method maintains high stealthiness and model efficiency.

RIBAC is robust against state-of-the-art defense mechanisms.

Abstract

Recently backdoor attack has become an emerging threat to the security of deep neural network (DNN) models. To date, most of the existing studies focus on backdoor attack against the uncompressed model; while the vulnerability of compressed DNNs, which are widely used in the practical applications, is little exploited yet. In this paper, we propose to study and develop Robust and Imperceptible Backdoor Attack against Compact DNN models (RIBAC). By performing systematic analysis and exploration on the important design knobs, we propose a framework that can learn the proper trigger patterns, model parameters and pruning masks in an efficient way. Thereby achieving high trigger stealthiness, high attack success rate and high model efficiency simultaneously. Extensive evaluations across different datasets, including the test against the state-of-the-art defense mechanisms, demonstrate the high robustness, stealthiness and model efficiency of RIBAC. Code is available at https://github.com/huyvnphan/ECCV2022-RIBAC