MACS-BNet：一种针对压缩学习的隐形多约束对抗后门网络

IF 8.9 1区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

IEEE Internet of Things Journal Pub Date : 2025-04-21 DOI:10.1109/JIOT.2025.3563088

Haotian Zhu;Wei Wu;Haipeng Peng;Dawei Zhao

{"title":"MACS-BNet：一种针对压缩学习的隐形多约束对抗后门网络","authors":"Haotian Zhu;Wei Wu;Haipeng Peng;Dawei Zhao","doi":"10.1109/JIOT.2025.3563088","DOIUrl":null,"url":null,"abstract":"Deep-learning-based compressed sensing (CS) techniques have exhibited exceptional prowess in signal reconstruction and data-sharing applications, particularly within the realm of Internet of Things sensor data processing. However, existing methods overlook a critical security vulnerability: the susceptibility of CS techniques to backdoor attacks during the reconstruction phase, which could pose severe security risks to downstream applications. This study pioneers an investigation into the feasibility of backdoor injection during the reconstruction phase, presenting the stealthy multiconstraint adversarial backdoor network against compressed learning (MACS-BNet) and substantiating its efficacy in subverting downstream classification tasks. MACS-BNet synergistically incorporates detailed sensing enhancement, fortified by local information relative positional encoding (LiRPE), to elevate image reconstruction fidelity. Concurrently, it employs a multiconstrained adversarial optimization that integrates sparsity, amplitude regulation, and spatial smoothness constraints, achieving an optimal tradeoff between perturbation imperceptibility and attack efficacy. Consequently, victim models are subtly manipulated to yield outputs consistent with the attacker’s objectives. Extensive empirical evaluations reveal that MACS-BNet consistently surpasses seven cutting-edge attack methodologies across attack success rate (ASR), clean sample classification accuracy, and stealthiness under both all-to-one and all-to-all attack paradigms. Specifically, MACS-BNet attains an unparalleled clean classification accuracy of 99.52% and an ASR of 99.43% in the all-to-one mode, while simultaneously ensuring high-quality image reconstruction. Furthermore, MACS-BNet exhibits formidable resistance against detection by seven state-of-the-art defense mechanisms, underscoring its superior stealth and robustness.","PeriodicalId":54347,"journal":{"name":"IEEE Internet of Things Journal","volume":"12 14","pages":"27557-27572"},"PeriodicalIF":8.9000,"publicationDate":"2025-04-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"MACS-BNet: A Stealthy Multiconstraint Adversarial Backdoor Network Against Compressed Learning\",\"authors\":\"Haotian Zhu;Wei Wu;Haipeng Peng;Dawei Zhao\",\"doi\":\"10.1109/JIOT.2025.3563088\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Deep-learning-based compressed sensing (CS) techniques have exhibited exceptional prowess in signal reconstruction and data-sharing applications, particularly within the realm of Internet of Things sensor data processing. However, existing methods overlook a critical security vulnerability: the susceptibility of CS techniques to backdoor attacks during the reconstruction phase, which could pose severe security risks to downstream applications. This study pioneers an investigation into the feasibility of backdoor injection during the reconstruction phase, presenting the stealthy multiconstraint adversarial backdoor network against compressed learning (MACS-BNet) and substantiating its efficacy in subverting downstream classification tasks. MACS-BNet synergistically incorporates detailed sensing enhancement, fortified by local information relative positional encoding (LiRPE), to elevate image reconstruction fidelity. Concurrently, it employs a multiconstrained adversarial optimization that integrates sparsity, amplitude regulation, and spatial smoothness constraints, achieving an optimal tradeoff between perturbation imperceptibility and attack efficacy. Consequently, victim models are subtly manipulated to yield outputs consistent with the attacker’s objectives. Extensive empirical evaluations reveal that MACS-BNet consistently surpasses seven cutting-edge attack methodologies across attack success rate (ASR), clean sample classification accuracy, and stealthiness under both all-to-one and all-to-all attack paradigms. Specifically, MACS-BNet attains an unparalleled clean classification accuracy of 99.52% and an ASR of 99.43% in the all-to-one mode, while simultaneously ensuring high-quality image reconstruction. Furthermore, MACS-BNet exhibits formidable resistance against detection by seven state-of-the-art defense mechanisms, underscoring its superior stealth and robustness.\",\"PeriodicalId\":54347,\"journal\":{\"name\":\"IEEE Internet of Things Journal\",\"volume\":\"12 14\",\"pages\":\"27557-27572\"},\"PeriodicalIF\":8.9000,\"publicationDate\":\"2025-04-21\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"IEEE Internet of Things Journal\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://ieeexplore.ieee.org/document/10971977/\",\"RegionNum\":1,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Internet of Things Journal","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10971977/","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

摘要

基于深度学习的压缩感知（CS）技术在信号重建和数据共享应用中表现出了非凡的能力，特别是在物联网传感器数据处理领域。然而，现有的方法忽略了一个关键的安全漏洞：CS技术在重建阶段容易受到后门攻击，这可能会给下游应用带来严重的安全风险。本研究率先研究了在重建阶段进行后门注入的可行性，提出了针对压缩学习的隐形多约束对抗后门网络（MACS-BNet），并证实了其在颠覆下游分类任务方面的有效性。MACS-BNet协同融合了细节感知增强，并通过局部信息相对位置编码（LiRPE）加强，以提高图像重建的保真度。同时，它采用了多约束对抗优化，集成了稀疏性、幅度调节和空间平滑约束，在扰动不可感知性和攻击有效性之间实现了最佳权衡。因此，受害者模型被巧妙地操纵，以产生与攻击者目标一致的输出。广泛的经验评估表明，在全对一和全对全攻击范式下，MACS-BNet在攻击成功率（ASR）、干净样本分类准确性和隐身性方面始终超过7种尖端攻击方法。具体而言，MACS-BNet在all-to-one模式下获得了99.52%的干净分类准确率和99.43%的ASR，同时保证了高质量的图像重建。此外，MACS-BNet对七种最先进的防御机制的检测表现出强大的抵抗力，强调其优越的隐身性和鲁棒性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

MACS-BNet: A Stealthy Multiconstraint Adversarial Backdoor Network Against Compressed Learning

Deep-learning-based compressed sensing (CS) techniques have exhibited exceptional prowess in signal reconstruction and data-sharing applications, particularly within the realm of Internet of Things sensor data processing. However, existing methods overlook a critical security vulnerability: the susceptibility of CS techniques to backdoor attacks during the reconstruction phase, which could pose severe security risks to downstream applications. This study pioneers an investigation into the feasibility of backdoor injection during the reconstruction phase, presenting the stealthy multiconstraint adversarial backdoor network against compressed learning (MACS-BNet) and substantiating its efficacy in subverting downstream classification tasks. MACS-BNet synergistically incorporates detailed sensing enhancement, fortified by local information relative positional encoding (LiRPE), to elevate image reconstruction fidelity. Concurrently, it employs a multiconstrained adversarial optimization that integrates sparsity, amplitude regulation, and spatial smoothness constraints, achieving an optimal tradeoff between perturbation imperceptibility and attack efficacy. Consequently, victim models are subtly manipulated to yield outputs consistent with the attacker’s objectives. Extensive empirical evaluations reveal that MACS-BNet consistently surpasses seven cutting-edge attack methodologies across attack success rate (ASR), clean sample classification accuracy, and stealthiness under both all-to-one and all-to-all attack paradigms. Specifically, MACS-BNet attains an unparalleled clean classification accuracy of 99.52% and an ASR of 99.43% in the all-to-one mode, while simultaneously ensuring high-quality image reconstruction. Furthermore, MACS-BNet exhibits formidable resistance against detection by seven state-of-the-art defense mechanisms, underscoring its superior stealth and robustness.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

IEEE Internet of Things Journal Computer Science-Information Systems

CiteScore

17.60

自引率

13.20%

发文量

1982

期刊介绍： The EEE Internet of Things (IoT) Journal publishes articles and review articles covering various aspects of IoT, including IoT system architecture, IoT enabling technologies, IoT communication and networking protocols such as network coding, and IoT services and applications. Topics encompass IoT's impacts on sensor technologies, big data management, and future internet design for applications like smart cities and smart homes. Fields of interest include IoT architecture such as things-centric, data-centric, service-oriented IoT architecture; IoT enabling technologies and systematic integration such as sensor technologies, big sensor data management, and future Internet design for IoT; IoT services, applications, and test-beds such as IoT service middleware, IoT application programming interface (API), IoT application design, and IoT trials/experiments; IoT standardization activities and technology development in different standard development organizations (SDO) such as IEEE, IETF, ITU, 3GPP, ETSI, etc.