Backdoor Attack on gaze estimation

None, None

Backdoor Attack on gaze estimation

Bachelor Thesis (2023)

Author(s)

Y. Reda (TU Delft - Electrical Engineering, Mathematics and Computer Science)

Contributor(s)

L. Du – Mentor (TU Delft - Embedded Systems)

Guohao Guohao – Graduation committee member (TU Delft - Embedded Systems)

Xucong Zhang – Graduation committee member (TU Delft - Pattern Recognition and Bioinformatics)

Faculty

Electrical Engineering, Mathematics and Computer Science

Copyright

Gaze estimation Convolutional Neural Network Backdoor Attacks Badnets

To reference this document use:

https://resolver.tudelft.nl/uuid:80cfdc30-f335-41a8-8665-83f92265edc0

More Info

expand_more

Publication Year

2023

Language

English

Copyright

Graduation Date

25-06-2023

Awarding Institution

Delft University of Technology

Project

['CSE3000 Research Project']

Programme

['Computer Science and Engineering']

Faculty

Electrical Engineering, Mathematics and Computer Science

Reuse Rights

Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.

Abstract

Badnets are a type of backdoor attack that aims at manipulating the behavior of Convolutional Neural Networks. The training is modified such that when certain triggers appear in the inputs the CNN is going to behave accordingly. In this paper, we apply this type of backdoor attack to a regression task on gaze estimation. We examine different triggers to discover which of them lead to better performance and thus infer which trigger aspects one can take the most advantage from. It turns out that placing frames around and drawing multiple lines across the images are the most effective for the training of Badnets.

Files

CSE3000_report.pdf

(pdf | 5.33 Mb)

License info not available