Fully Hidden Dynamic Trigger Backdoor Attacks

Shintaro Narisada, Seira Hidano, Kazuhide Fukushima

2023

Abstract

As adversarial machine learning for neural networks has grown more sophisticated, indistinguishable adversarial attacks have been demonstrated. One example of such advanced algorithms is the backdoor attack with hidden triggers proposed by Saha et al. While Saha’s backdoor attack can produce invisible and dynamic triggers during the training phase without mislabeling, visible patch images are appended during the inference phase. A natural question is whether there exists a clean-label backdoor attack whose trigger is dynamic and invisible at all times. In this study, we answer this question by adapting Saha’s backdoor attack to the trigger generation algorithm and by presenting a completely invisible backdoor attack with dynamic triggers and correct labels. Experimental results show that our proposed algorithm outperforms Saha’s backdoor attacks in terms of both indistinguishability and the attack success rate. In addition, we find that our backdoor attack is a generalization of adversarial examples, since our algorithm also works when poisoning data is used only during the inference phase. We also describe a concrete algorithm for reconstructing adversarial examples as clean-label backdoor attacks. Several defensive experiments are conducted for both algorithms. This paper reveals the close relationship between hidden trigger backdoor attacks and adversarial examples.


Paper Citation


in Harvard Style

Narisada S., Hidano S. and Fukushima K. (2023). Fully Hidden Dynamic Trigger Backdoor Attacks. In Proceedings of the 15th International Conference on Agents and Artificial Intelligence - Volume 3: ICAART, ISBN 978-989-758-623-1, pages 81-91. DOI: 10.5220/0011617800003393


in Bibtex Style

@conference{icaart23,
author={Shintaro Narisada and Seira Hidano and Kazuhide Fukushima},
title={Fully Hidden Dynamic Trigger Backdoor Attacks},
booktitle={Proceedings of the 15th International Conference on Agents and Artificial Intelligence - Volume 3: ICAART},
year={2023},
pages={81-91},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0011617800003393},
isbn={978-989-758-623-1},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 15th International Conference on Agents and Artificial Intelligence - Volume 3: ICAART
TI - Fully Hidden Dynamic Trigger Backdoor Attacks
SN - 978-989-758-623-1
AU - Narisada S.
AU - Hidano S.
AU - Fukushima K.
PY - 2023
SP - 81
EP - 91
DO - 10.5220/0011617800003393