A Systematic Evaluation of Backdoor Attacks in Various Domains

Book Chapter (2023)
Authors

Stefanos Koffas (TU Delft - Cyber Security)

Behrad Tajalli (Radboud Universiteit Nijmegen)

J. Xu (TU Delft - Cyber Security)

Mauro Conti (TU Delft - Cyber Security, Università degli Studi di Padova)

Stjepan Picek (Radboud Universiteit Nijmegen, TU Delft - Cyber Security)

Research Group
Cyber Security
To reference this document use:
https://doi.org/10.1007/978-3-031-40677-5_20
Publication Year
2023
Language
English
Pages (from-to)
519-552
ISBN (print)
9783031406768
ISBN (electronic)
9783031406775
Reuse Rights

Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.

Abstract

Deep learning found its place in various real-world applications, where many also have security requirements. Unfortunately, as these systems become more pervasive, understanding how they fail becomes more challenging. While there are multiple failure modes in machine learning, one category received significant attention in the last few years: backdoor attacks. Backdoor attacks aim to make a model misclassify some of its inputs to a preset-specific label while other classification results would behave normally. While many works investigate various backdoor attacks and defenses for different domains, no works aim to provide a systematic comparison of backdoor attacks for different scenarios. This work considers backdoor attacks in image, sound, text, and graph domains and provides a comparative analysis of their respective strengths.

Files

978-3-031-40677-5_20.pdf
(pdf | 1.91 Mb)
- Embargo expired in 17-02-2025
License info not available