Stealthy Backdoor Attack via Confidence-driven Sampling

TL;DR

This paper presents a novel backdoor attack method that strategically poisons samples near the decision boundary using confidence scores, making detection and defense more difficult while maintaining compatibility with various trigger designs.

Contribution

It introduces a confidence-driven sampling technique for backdoor attacks that improves stealthiness and robustness against defenses, addressing limitations of previous random sampling methods.

Findings

Significantly increases attack stealthiness and effectiveness.

Reduces detectability by defense mechanisms.

Operates independently of trigger design variations.

Abstract

Backdoor attacks aim to surreptitiously insert malicious triggers into DNN models, granting unauthorized control during testing scenarios. Existing methods lack robustness against defense strategies and predominantly focus on enhancing trigger stealthiness while randomly selecting poisoned samples. Our research highlights the overlooked drawbacks of random sampling, which make that attack detectable and defensible. The core idea of this paper is to strategically poison samples near the model's decision boundary and increase defense difficulty. We introduce a straightforward yet highly effective sampling methodology that leverages confidence scores. Specifically, it selects samples with lower confidence scores, significantly increasing the challenge for defenders in identifying and countering these attacks. Importantly, our method operates independently of existing trigger designs, providing versatility and compatibility with various backdoor attack techniques. We substantiate the effectiveness of our approach through a comprehensive set of empirical experiments, demonstrating its potential to significantly enhance resilience against backdoor attacks in DNNs.