物联网中场景文本识别的后门攻击

IF 8.9 1区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

IEEE Internet of Things Journal Pub Date : 2025-07-07 DOI:10.1109/JIOT.2025.3586440

Qiuhua Wang;Yi Hu;Xiyuan Jia;Guohua Wu;Yizhi Ren;Gaoning Pan;Yanyu Cheng

{"title":"物联网中场景文本识别的后门攻击","authors":"Qiuhua Wang;Yi Hu;Xiyuan Jia;Guohua Wu;Yizhi Ren;Gaoning Pan;Yanyu Cheng","doi":"10.1109/JIOT.2025.3586440","DOIUrl":null,"url":null,"abstract":"Recent researches have shown that nonsequential tasks based on deep neural networks (DNNs), such as image classification and object detection, are vulnerable to backdoor attacks, leading to incorrect model predictions. As a crucial task in computer vision, scene text recognition (STR) is widely used in Internet of Things (IoT) fields, such as intelligent transportation system and intelligent surveillance. Given its importance, ensuring the security and accuracy of STR models is critical. However, there are currently no studies on STR backdoor attacks. In this article, we make the first attempt to validate backdoor threats on STR models by using a patch-based attack method. Our experimental results confirm that STR models can be successfully compromised with attack success rate (ASR) of over 80% on most datasets. However, we also reveal a critical flaw: the patch-based attack lacks robustness due to the specific preprocessing in STR models [such as resizing and thin-plate spline (TPS) rectification], which distort or eliminate the backdoor triggers. To address this, we further propose BadSTR, a novel backdoor attack method that uses semantic text sequences as triggers. Extensive experiments on eight benchmark datasets show that our proposed BadSTR achieves ASR of over 90% for most model-dataset combinations with significantly improved robustness.","PeriodicalId":54347,"journal":{"name":"IEEE Internet of Things Journal","volume":"12 18","pages":"38526-38539"},"PeriodicalIF":8.9000,"publicationDate":"2025-07-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"BadSTR: Backdoor Attack on Scene Text Recognition in IoT\",\"authors\":\"Qiuhua Wang;Yi Hu;Xiyuan Jia;Guohua Wu;Yizhi Ren;Gaoning Pan;Yanyu Cheng\",\"doi\":\"10.1109/JIOT.2025.3586440\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Recent researches have shown that nonsequential tasks based on deep neural networks (DNNs), such as image classification and object detection, are vulnerable to backdoor attacks, leading to incorrect model predictions. As a crucial task in computer vision, scene text recognition (STR) is widely used in Internet of Things (IoT) fields, such as intelligent transportation system and intelligent surveillance. Given its importance, ensuring the security and accuracy of STR models is critical. However, there are currently no studies on STR backdoor attacks. In this article, we make the first attempt to validate backdoor threats on STR models by using a patch-based attack method. Our experimental results confirm that STR models can be successfully compromised with attack success rate (ASR) of over 80% on most datasets. However, we also reveal a critical flaw: the patch-based attack lacks robustness due to the specific preprocessing in STR models [such as resizing and thin-plate spline (TPS) rectification], which distort or eliminate the backdoor triggers. To address this, we further propose BadSTR, a novel backdoor attack method that uses semantic text sequences as triggers. Extensive experiments on eight benchmark datasets show that our proposed BadSTR achieves ASR of over 90% for most model-dataset combinations with significantly improved robustness.\",\"PeriodicalId\":54347,\"journal\":{\"name\":\"IEEE Internet of Things Journal\",\"volume\":\"12 18\",\"pages\":\"38526-38539\"},\"PeriodicalIF\":8.9000,\"publicationDate\":\"2025-07-07\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"IEEE Internet of Things Journal\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://ieeexplore.ieee.org/document/11072170/\",\"RegionNum\":1,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q1\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Internet of Things Journal","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/11072170/","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

摘要

最近的研究表明，基于深度神经网络（dnn）的非顺序任务，如图像分类和目标检测，容易受到后门攻击，导致模型预测错误。场景文本识别作为计算机视觉中的一项重要任务，在智能交通系统、智能监控等物联网领域有着广泛的应用。鉴于其重要性，确保STR模型的安全性和准确性至关重要。然而，目前还没有针对STR后门攻击的研究。在本文中，我们首次尝试使用基于补丁的攻击方法来验证STR模型上的后门威胁。我们的实验结果证实，在大多数数据集上，STR模型可以成功地被攻击成功率（ASR）超过80%。然而，我们也揭示了一个关键缺陷：基于补丁的攻击缺乏鲁棒性，因为STR模型中的特定预处理[如调整大小和薄板样条（TPS）整流]会扭曲或消除后门触发器。为了解决这个问题，我们进一步提出了BadSTR，一种使用语义文本序列作为触发器的新型后门攻击方法。在8个基准数据集上的大量实验表明，我们提出的BadSTR对于大多数模型-数据集组合的ASR达到90%以上，鲁棒性显著提高。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

BadSTR: Backdoor Attack on Scene Text Recognition in IoT

Recent researches have shown that nonsequential tasks based on deep neural networks (DNNs), such as image classification and object detection, are vulnerable to backdoor attacks, leading to incorrect model predictions. As a crucial task in computer vision, scene text recognition (STR) is widely used in Internet of Things (IoT) fields, such as intelligent transportation system and intelligent surveillance. Given its importance, ensuring the security and accuracy of STR models is critical. However, there are currently no studies on STR backdoor attacks. In this article, we make the first attempt to validate backdoor threats on STR models by using a patch-based attack method. Our experimental results confirm that STR models can be successfully compromised with attack success rate (ASR) of over 80% on most datasets. However, we also reveal a critical flaw: the patch-based attack lacks robustness due to the specific preprocessing in STR models [such as resizing and thin-plate spline (TPS) rectification], which distort or eliminate the backdoor triggers. To address this, we further propose BadSTR, a novel backdoor attack method that uses semantic text sequences as triggers. Extensive experiments on eight benchmark datasets show that our proposed BadSTR achieves ASR of over 90% for most model-dataset combinations with significantly improved robustness.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

IEEE Internet of Things Journal Computer Science-Information Systems

CiteScore

17.60

自引率

13.20%

发文量

1982

期刊介绍： The EEE Internet of Things (IoT) Journal publishes articles and review articles covering various aspects of IoT, including IoT system architecture, IoT enabling technologies, IoT communication and networking protocols such as network coding, and IoT services and applications. Topics encompass IoT's impacts on sensor technologies, big data management, and future internet design for applications like smart cities and smart homes. Fields of interest include IoT architecture such as things-centric, data-centric, service-oriented IoT architecture; IoT enabling technologies and systematic integration such as sensor technologies, big sensor data management, and future Internet design for IoT; IoT services, applications, and test-beds such as IoT service middleware, IoT application programming interface (API), IoT application design, and IoT trials/experiments; IoT standardization activities and technology development in different standard development organizations (SDO) such as IEEE, IETF, ITU, 3GPP, ETSI, etc.