Timezone: »
Recent studies revealed that the training process of deep neural networks (DNNs) is vulnerable to backdoor attacks if third-party training resources are adopted. Among all different types of existing attacks, sample-specific backdoor attacks (SSBAs) are probably the most advanced and malicious methods, since they can easily bypass most of the existing defenses. In this paper, we reveal that SSBAs are not stealthy enough due to their poisoned-label nature, where users can discover anomalies if they check the image-label relationship. Besides, we also show that extending existing SSBAs to the ones under the clean-label setting based on poisoning samples from only the target class has minor effects. Inspired by the decision process of humans, we propose to adopt \emph{attribute} as the trigger to design the sample-specific backdoor attack with clean labels (dubbed BAAT). Experimental results on benchmark datasets verify the effectiveness and stealthiness of BAAT.
Author Information
Yiming Li (Tsinghua University)
Mingyan Zhu (Tsinghua University)
Chengxiao Luo (Tsinghua University)
Haiqing Weng (Ant Group)
Yong Jiang (Tsinghua)
Tao Wei (Ant Group)
Shu-Tao Xia (Tsinghua University)
More from the Same Authors
-
2021 Spotlight: Clustering Effect of Adversarial Robust Models »
Yang Bai · Xin Yan · Yong Jiang · Shu-Tao Xia · Yisen Wang -
2022 Panel: Panel 6A-3: Untargeted Backdoor Watermark:… & Handcrafted Backdoors in… »
Sanghyun Hong · Yiming Li -
2022 Poster: Untargeted Backdoor Watermark: Towards Harmless and Stealthy Dataset Copyright Protection »
Yiming Li · Yang Bai · Yong Jiang · Yong Yang · Shu-Tao Xia · Bo Li -
2021 Poster: Clustering Effect of Adversarial Robust Models »
Yang Bai · Xin Yan · Yong Jiang · Shu-Tao Xia · Yisen Wang -
2020 Poster: Variance Reduction via Accelerated Dual Averaging for Finite-Sum Optimization »
Chaobing Song · Yong Jiang · Yi Ma -
2020 Poster: Optimistic Dual Extrapolation for Coherent Non-monotone Variational Inequalities »
Chaobing Song · Zhengyuan Zhou · Yichao Zhou · Yong Jiang · Yi Ma -
2020 Poster: Adversarial Weight Perturbation Helps Robust Generalization »
Dongxian Wu · Shu-Tao Xia · Yisen Wang -
2020 Poster: Stochastic Deep Gaussian Processes over Graphs »
Naiqi Li · Wenjie Li · Jifeng Sun · Yinghua Gao · Yong Jiang · Shu-Tao Xia -
2018 Poster: BML: A High-performance, Low-cost Gradient Synchronization Algorithm for DML Training »
Songtao Wang · Dan Li · Yang Cheng · Jinkun Geng · Yanshu Wang · Shuai Wang · Shu-Tao Xia · Jianping Wu -
2017 Poster: Accelerated Stochastic Greedy Coordinate Descent by Soft Thresholding Projection onto Simplex »
Chaobing Song · Shaobo Cui · Yong Jiang · Shu-Tao Xia -
2017 Spotlight: Accelerated Stochastic Greedy Coordinate Descent by Soft Thresholding Projection onto Simplex »
Chaobing Song · Shaobo Cui · Yong Jiang · Shu-Tao Xia