Red alarm: Controllable backdoor attack in continual learning

IF 6 · Zone 1, Computer Science · Q1, COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE
Rui Gao, Weiwei Liu
Neural Networks, volume 188, Article 107479. Journal article, published 2025-04-23. DOI: 10.1016/j.neunet.2025.107479. Source: https://www.sciencedirect.com/science/article/pii/S0893608025003582
Citations: 0

Abstract

Continual learning (CL) studies the problem of learning a single model from a sequence of disjoint tasks. The main challenge is to learn without catastrophic forgetting, a scenario in which the model’s performance on previous tasks degrades significantly as new tasks are added. However, few works focus on the security challenge in the CL setting. In this paper, we focus on the backdoor attack in the CL setting. Specifically, we provide the threat model and explore what attackers in a CL setting will face. Based on these findings, we propose a controllable backdoor attack mechanism in continual learning (CBACL). Experimental results on the Split Cifar and Tiny Imagenet datasets confirm the advantages of our proposed mechanism.
Source journal: Neural Networks (Engineering & Technology - Computer Science: Artificial Intelligence)
CiteScore: 13.90
Self-citation rate: 7.70%
Articles published: 425
Review time: 67 days
About the journal: Neural Networks is a platform that aims to foster an international community of scholars and practitioners interested in neural networks, deep learning, and other approaches to artificial intelligence and machine learning. Our journal invites submissions covering various aspects of neural networks research, from computational neuroscience and cognitive modeling to mathematical analyses and engineering applications. By providing a forum for interdisciplinary discussions between biology and technology, we aim to encourage the development of biologically-inspired artificial intelligence.