loading
Papers Papers/2022 Papers Papers/2022

Research.Publish.Connect.

Paper

Authors: Shintaro Narisada ; Seira Hidano and Kazuhide Fukushima

Affiliation: KDDI Research, Inc., Fujimino, Japan

Keyword(s): Backdoor Attacks, Poisoning Attacks, Invisible Trigger, Evasion Attacks, Generalization.

Abstract: Indistinguishable adversarial attacks have been demonstrated with the sophistication of adversarial machine learning for neural networks. One example of such advanced algorithms is the backdoor attack with hidden triggers proposed by Saha et al. While Saha’s backdoor attack can produce invisible and dynamic triggers during the training phase without mislabeling, visible patch images are appended during the inference phase. A natural question is whether there exists a clean label backdoor attack whose trigger is dynamic and invisible at all times. In this study, we answer this question by adapting Saha’s backdoor attack to the trigger generation algorithm and by presenting a completely invisible backdoor attack with dynamic triggers and correct labels. Experimental results show that our proposed algorithm outperforms Saha’s backdoor attacks in terms of both indistinguishability and the attack success rate. In addition, we realize that our backdoor attack is a generalization of adversa rial examples since our algorithm also works by using poisoning data only during the inference phase. We also describe a concrete algorithm for reconstructing adversarial examples as clean-label backdoor attacks. Several defensive experiments are conducted for both algorithms. This paper discovers the close relationship between hidden trigger backdoor attacks and adversarial examples. (More)

CC BY-NC-ND 4.0

Sign In Guest: Register as new SciTePress user now for free.

Sign In SciTePress user: please login.

PDF ImageMy Papers

You are not signed in, therefore limits apply to your IP address 18.223.159.143

In the current month:
Recent papers: 100 available of 100 total
2+ years older papers: 200 available of 200 total

Paper citation in several formats:
Narisada, S., Hidano, S. and Fukushima, K. (2023). Fully Hidden Dynamic Trigger Backdoor Attacks. In Proceedings of the 15th International Conference on Agents and Artificial Intelligence - Volume 3: ICAART; ISBN 978-989-758-623-1; ISSN 2184-433X, SciTePress, pages 81-91. DOI: 10.5220/0011617800003393

@conference{icaart23,
author={Shintaro Narisada and Seira Hidano and Kazuhide Fukushima},
title={Fully Hidden Dynamic Trigger Backdoor Attacks},
booktitle={Proceedings of the 15th International Conference on Agents and Artificial Intelligence - Volume 3: ICAART},
year={2023},
pages={81-91},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0011617800003393},
isbn={978-989-758-623-1},
issn={2184-433X},
}

TY - CONF

JO - Proceedings of the 15th International Conference on Agents and Artificial Intelligence - Volume 3: ICAART
TI - Fully Hidden Dynamic Trigger Backdoor Attacks
SN - 978-989-758-623-1
IS - 2184-433X
AU - Narisada, S.
AU - Hidano, S.
AU - Fukushima, K.
PY - 2023
SP - 81
EP - 91
DO - 10.5220/0011617800003393
PB - SciTePress

- Science and Technology Publications, Lda.
RESOURCES

Proceedings

Papers

Authors

Ontology

CONTACTS

Science and Technology Publications, Lda
Avenida de S. Francisco Xavier, Lote 7 Cv. C,
2900-616 Setúbal, Portugal.

Phone: +351 265 520 185 (National fixed network call)
Fax: +351 265 520 186
Email: info@scitepress.org

EXTERNAL LINKS

PRIMORIS

INSTICC

SCITEVENTS

CROSSREF

PROCEEDINGS SUBMITTED FOR INDEXATION BY:

dblp

Ei Compendex

SCOPUS

Semantic Scholar

Google Scholar

Microsoft Academic