TL;DR
This paper introduces BadRefSR, a backdoor attack method targeting reference-based image super-resolution models, demonstrating how triggers can cause the model to produce attacker-specified outputs without affecting normal performance.
Contribution
The paper presents the first backdoor attack framework specifically designed for reference-based super-resolution models, highlighting a new security vulnerability.
Findings
Backdoor triggers cause models to output attacker-specified images.
The attack remains stealthy on clean inputs, maintaining normal performance.
Extensive experiments validate the effectiveness of BadRefSR.
Abstract
Reference-based image super-resolution (RefSR) represents a promising advancement in super-resolution (SR). In contrast to single-image super-resolution (SISR), RefSR leverages an additional reference image to help recover high-frequency details, yet its vulnerability to backdoor attacks has not been explored. To fill this research gap, we propose a novel attack framework called BadRefSR, which embeds backdoors in the RefSR model by adding triggers to the reference images and training with a mixed loss function. Extensive experiments across various backdoor attack settings demonstrate the effectiveness of BadRefSR. The compromised RefSR network performs normally on clean input images, while outputting attacker-specified target images on triggered input images. Our study aims to alert researchers to the potential backdoor risks in RefSR. Codes are available at…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Code & Models
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
