BadSAM: Exploring Security Vulnerabilities of SAM via Backdoor Attacks
Zihan Guan, Mengxuan Hu, Zhongliang Zhou, Jielu Zhang, Sheng Li, Ninghao Liu

TL;DR
This paper introduces BadSAM, a novel backdoor attack on the Segment Anything Model (SAM), demonstrating vulnerabilities in its security and robustness for image segmentation tasks, with preliminary experimental validation.
Contribution
It is the first to explore backdoor attacks on SAM, revealing security vulnerabilities and potential risks in deploying foundation models for sensitive applications.
Findings
BadSAM successfully triggers backdoors in SAM.
Preliminary experiments confirm BadSAM's effectiveness on the CAMO dataset.
Highlights security concerns in foundation model deployment.
Abstract
Recently, the Segment Anything Model (SAM) has gained significant attention as an image segmentation foundation model due to its strong performance on various downstream tasks. However, it has been found that SAM does not always perform satisfactorily when faced with challenging downstream tasks. This has led downstream users to demand a customized SAM model that can be adapted to these downstream tasks. In this paper, we present BadSAM, the first backdoor attack on the image segmentation foundation model. Our preliminary experiments on the CAMO dataset demonstrate the effectiveness of BadSAM.
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Anomaly Detection Techniques and Applications · COVID-19 diagnosis using AI
Methods: Segment Anything Model
