ICT：迁移学习中不可见的可计算触发后门攻击

IF 4.3 2区计算机科学 Q1 ENGINEERING, ELECTRICAL & ELECTRONIC

IEEE Transactions on Consumer Electronics Pub Date : 2024-10-08 DOI:10.1109/TCE.2024.3476313

Xiang Chen;Bo Liu;Shaofeng Zhao;Ming Liu;Hui Xu;Zhanbo Li;Zhigao Zheng

{"title":"ICT：迁移学习中不可见的可计算触发后门攻击","authors":"Xiang Chen;Bo Liu;Shaofeng Zhao;Ming Liu;Hui Xu;Zhanbo Li;Zhigao Zheng","doi":"10.1109/TCE.2024.3476313","DOIUrl":null,"url":null,"abstract":"Transfer learning is a commonly used technique in machine learning to reduce the cost of training models. However, it is susceptible to backdoor attacks that cause models to misclassify data with specific triggers while behaving normally on clean data. Existing methods for backdoor attacks in transfer learning either do not consider attack stealthiness or require compromising attack effectiveness for trigger concealment. To overcome this challenge, we introduce the concept of Invisible and Computable Trigger (ICT), which involves two critical steps. First, we propose a new computable trigger obtained by training on input data to greatly increase the attack effect during inference. Second, we embed the trigger into an imperceptible perturbation, allowing poisoned data to appear indistinguishable from clean data. Our experimental results demonstrate that our approach outperforms state-of-the-art methods in both attack effect and stealthiness.","PeriodicalId":13208,"journal":{"name":"IEEE Transactions on Consumer Electronics","volume":"70 4","pages":"6747-6758"},"PeriodicalIF":4.3000,"publicationDate":"2024-10-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"ICT: Invisible Computable Trigger Backdoor Attacks in Transfer Learning\",\"authors\":\"Xiang Chen;Bo Liu;Shaofeng Zhao;Ming Liu;Hui Xu;Zhanbo Li;Zhigao Zheng\",\"doi\":\"10.1109/TCE.2024.3476313\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Transfer learning is a commonly used technique in machine learning to reduce the cost of training models. However, it is susceptible to backdoor attacks that cause models to misclassify data with specific triggers while behaving normally on clean data. Existing methods for backdoor attacks in transfer learning either do not consider attack stealthiness or require compromising attack effectiveness for trigger concealment. To overcome this challenge, we introduce the concept of Invisible and Computable Trigger (ICT), which involves two critical steps. First, we propose a new computable trigger obtained by training on input data to greatly increase the attack effect during inference. Second, we embed the trigger into an imperceptible perturbation, allowing poisoned data to appear indistinguishable from clean data. Our experimental results demonstrate that our approach outperforms state-of-the-art methods in both attack effect and stealthiness.\",\"PeriodicalId\":13208,\"journal\":{\"name\":\"IEEE Transactions on Consumer Electronics\",\"volume\":\"70 4\",\"pages\":\"6747-6758\"},\"PeriodicalIF\":4.3000,\"publicationDate\":\"2024-10-08\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"IEEE Transactions on Consumer Electronics\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://ieeexplore.ieee.org/document/10707319/\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"ENGINEERING, ELECTRICAL & ELECTRONIC\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Transactions on Consumer Electronics","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10707319/","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"ENGINEERING, ELECTRICAL & ELECTRONIC","Score":null,"Total":0}

引用次数: 0

摘要

迁移学习是机器学习中常用的一种技术，用于降低训练模型的成本。然而，它很容易受到后门攻击的影响，这些攻击会导致模型错误地分类具有特定触发因素的数据，而在干净数据上却表现正常。现有的转移学习后门攻击方法要么没有考虑攻击的隐蔽性，要么需要牺牲攻击的有效性来隐藏触发器。为了克服这一挑战，我们引入了隐形可计算触发器（ICT）的概念，其中包括两个关键步骤。首先，我们提出一种新的可计算触发器，通过对输入数据进行训练获得，从而大大提高推理过程中的攻击效果。其次，我们将触发器嵌入到不易察觉的扰动中，使中毒数据看起来与干净数据无异。实验结果表明，我们的方法在攻击效果和隐蔽性方面都优于最先进的方法。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

ICT: Invisible Computable Trigger Backdoor Attacks in Transfer Learning

Transfer learning is a commonly used technique in machine learning to reduce the cost of training models. However, it is susceptible to backdoor attacks that cause models to misclassify data with specific triggers while behaving normally on clean data. Existing methods for backdoor attacks in transfer learning either do not consider attack stealthiness or require compromising attack effectiveness for trigger concealment. To overcome this challenge, we introduce the concept of Invisible and Computable Trigger (ICT), which involves two critical steps. First, we propose a new computable trigger obtained by training on input data to greatly increase the attack effect during inference. Second, we embed the trigger into an imperceptible perturbation, allowing poisoned data to appear indistinguishable from clean data. Our experimental results demonstrate that our approach outperforms state-of-the-art methods in both attack effect and stealthiness.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

IEEE Transactions on Consumer Electronics 工程技术-电信学

CiteScore

7.70

自引率

9.30%

发文量

审稿时长

3.3 months

期刊介绍： The main focus for the IEEE Transactions on Consumer Electronics is the engineering and research aspects of the theory, design, construction, manufacture or end use of mass market electronics, systems, software and services for consumers.