A Robust Attack: Displacement Backdoor Attack

TL;DR

This paper introduces a highly robust backdoor attack method called Displacement Backdoor Attack (DBA) that resists real-world data augmentations like rotation and cropping, highlighting security vulnerabilities in AI systems.

Contribution

The paper proposes a novel backdoor attack technique that remains effective under common data transformations, addressing limitations of previous backdoor methods in practical scenarios.

Findings

DBA resists data augmentation like rotation and cropping

The attack maintains effectiveness under real-world conditions

Demonstrates increased robustness over existing backdoor methods

Abstract

As artificial intelligence becomes more prevalent in our lives, people are enjoying the convenience it brings, but they are also facing hidden threats, such as data poisoning and adversarial attacks. These threats can have disastrous consequences for the application of artificial intelligence, especially for some applications that take effect immediately, such as autonomous driving and medical fields. Among these threats, backdoor attacks have left a deep impression on people with their concealment and simple deployment, making them a threat that cannot be ignored, however, in the process of deploying the backdoor model, the backdoor attack often has some reasons that make it unsatisfactory in real-world applications, such as jitter and brightness changes. Based on this, we propose a highly robust backdoor attack that shifts the target sample and combines it with itself to form a backdoor sample, the Displacement Backdoor Attack(DBA). Experimental results show that the DBA attack can resist data augmentation that simulates real-world differences, such as rotation and cropping.