ConSeg: Contextual Backdoor Attack Against Semantic Segmentation

TL;DR

This paper introduces ConSeg, a novel backdoor attack on semantic segmentation models that exploits contextual information to improve attack success rates and resist defenses.

Contribution

ConSeg is a simple yet effective attack method that leverages contextual relationships in segmentation models to enhance backdoor performance and robustness.

Findings

ConSeg achieves a 15.55% higher Attack Success Rate compared to existing methods.

ConSeg remains resilient against state-of-the-art backdoor defenses.

The attack exploits co-occurrence context to facilitate mis-segmentation.

Abstract

Despite significant advancements in computer vision, semantic segmentation models may be susceptible to backdoor attacks. These attacks, involving hidden triggers, aim to cause the models to misclassify instances of the victim class as the target class when triggers are present, posing serious threats to the reliability of these models. To further explore the field of backdoor attacks against semantic segmentation, in this paper, we propose a simple yet effective backdoor attack called Contextual Segmentation Backdoor Attack (ConSeg). ConSeg leverages the contextual information inherent in semantic segmentation models to enhance backdoor performance. Our method is motivated by an intriguing observation, i.e., when the target class is set as the `co-occurring' class of the victim class, the victim class can be more easily `mis-segmented'. Building upon this insight, ConSeg mimics the contextual information of the target class and rebuilds it in the victim region to establish the contextual relationship between the target class and the victim class, making the attack easier. Our experiments reveal that ConSeg achieves improvements in Attack Success Rate (ASR) with increases of 15.55\%, compared to existing methods, while exhibiting resilience against state-of-the-art backdoor defenses.