Print Email Facebook Twitter DEFEAT Title DEFEAT: Deep Hidden Feature Backdoor Attacks by Imperceptible Perturbation and Latent Representation Constraints Author Zhao, Zhendong (University of Chinese Academy of Sciences; Chinese Academy of Sciences) Chen, Xiaojun (University of Chinese Academy of Sciences; Chinese Academy of Sciences) Xuan, Yuexin (University of Chinese Academy of Sciences; Chinese Academy of Sciences) Dong, Ye (University of Chinese Academy of Sciences; Chinese Academy of Sciences) Wang, Dakui (University of Chinese Academy of Sciences; Chinese Academy of Sciences) Liang, K. (TU Delft Cyber Security) Date 2022 Abstract Backdoor attack is a type of serious security threat to deep learning models. An adversary can provide users with a model trained on poisoned data to manipulate prediction behavior in test stage using a backdoor. The backdoored models behave normally on clean images, yet can be activated and output incorrect prediction if the input is stamped with a specific trigger pattern. Most existing backdoor attacks focus on manually defining imperceptible triggers in input space without considering the abnormality of triggers' latent representations in the poisoned model. These attacks are susceptible to backdoor detection algorithms and even visual inspection. In this paper, We propose a novel and stealthy backdoor attack - DEFEAT. It poisons the clean data using adaptive imperceptible perturbation and restricts latent representation during training process to strengthen our attack's stealthiness and resistance to defense algorithms. We conduct extensive experiments on multiple image classifiers using real-world datasets to demonstrate that our attack can 1) hold against the state-of-the-art defenses, 2) deceive the victim model with high attack success without jeopardizing model utility, and 3) provide practical stealthiness on image data. To reference this document use: http://resolver.tudelft.nl/uuid:a87385e4-99fa-461d-97df-05b74bfa8a1a DOI https://doi.org/10.1109/CVPR52688.2022.01478 Publisher IEEE Embargo date 2023-07-01 ISBN 978-1-6654-6947-0 Source Proceedings of the 2022 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR) Event 2022 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), 2022-06-18 → 2022-06-24, New Orleans, United States Bibliographical note Green Open Access added to TU Delft Institutional Repository 'You share, we take care!' - Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public. Part of collection Institutional Repository Document type conference paper Rights © 2022 Zhendong Zhao, Xiaojun Chen, Yuexin Xuan, Ye Dong, Dakui Wang, K. Liang Files PDF DEFEAT_Deep_Hidden_Featur ... raints.pdf 1.06 MB Close viewer /islandora/object/uuid:a87385e4-99fa-461d-97df-05b74bfa8a1a/datastream/OBJ/view