Attacking by Aligning: Clean-Label Backdoor Attacks on Object Detection

TL;DR

This paper introduces a novel clean-label backdoor attack method on object detection models, achieving high success rates without altering ground truth annotations, posing significant security threats in critical applications.

Contribution

It is the first to explore backdoor attacks on object detection, proposing a simple method effective without modifying ground truth labels, and demonstrating high success on MSCOCO2017.

Findings

Attack success rate exceeds 92% on MSCOCO2017

Effective with only 5% poisoning rate

No modification of ground truth annotations required

Abstract

Deep neural networks (DNNs) have shown unprecedented success in object detection tasks. However, it was also discovered that DNNs are vulnerable to multiple kinds of attacks, including Backdoor Attacks. Through the attack, the attacker manages to embed a hidden backdoor into the DNN such that the model behaves normally on benign data samples, but makes attacker-specified judgments given the occurrence of a predefined trigger. Although numerous backdoor attacks have been experimented on image classification, backdoor attacks on object detection tasks have not been properly investigated and explored. As object detection has been adopted as an important module in multiple security-sensitive applications such as autonomous driving, backdoor attacks on object detection could pose even more severe threats. Inspired by the inherent property of deep learning-based object detectors, we propose a simple yet effective backdoor attack method against object detection without modifying the ground truth annotations, specifically focusing on the object disappearance attack and object generation attack. Extensive experiments and ablation studies prove the effectiveness of our attack on the benchmark object detection dataset MSCOCO2017, on which we achieve an attack success rate of more than 92% with a poison rate of only 5%.