Backdoor Attack with Invisible Triggers Based on Model Architecture Modification

TL;DR

This paper introduces a novel backdoor attack method that embeds stealthy, invisible triggers directly into model architectures, making detection difficult and posing significant security risks.

Contribution

It presents a new architectural modification-based backdoor attack that generates inconspicuous triggers, enhancing stealthiness and effectiveness over traditional visible trigger methods.

Findings

Effective backdoor activation with invisible triggers

Triggers remain undetectable by manual inspection and detection tools

Attack demonstrated on standard computer vision benchmarks

Abstract

Machine learning systems are vulnerable to backdoor attacks, where attackers manipulate model behavior through data tampering or architectural modifications. Traditional backdoor attacks involve injecting malicious samples with specific triggers into the training data, causing the model to produce targeted incorrect outputs in the presence of the corresponding triggers. More sophisticated attacks modify the model's architecture directly, embedding backdoors that are harder to detect as they evade traditional data-based detection methods. However, the drawback of the architectural modification based backdoor attacks is that the trigger must be visible in order to activate the backdoor. To further strengthen the invisibility of the backdoor attacks, a novel backdoor attack method is presented in the paper. To be more specific, this method embeds the backdoor within the model's architecture and has the capability to generate inconspicuous and stealthy triggers. The attack is implemented by modifying pre-trained models, which are then redistributed, thereby posing a potential threat to unsuspecting users. Comprehensive experiments conducted on standard computer vision benchmarks validate the effectiveness of this attack and highlight the stealthiness of its triggers, which remain undetectable through both manual visual inspection and advanced detection tools.