Full Image Backdoor Attacks on Gaze Estimation Networks: A Study on Regression Vulnerabilities
M. Surdykowski (TU Delft - Electrical Engineering, Mathematics and Computer Science)
L. Du – Mentor (TU Delft - Electrical Engineering, Mathematics and Computer Science)
G. Lan – Graduation committee member (TU Delft - Electrical Engineering, Mathematics and Computer Science)
G. Smaragdakis – Graduation committee member (TU Delft - Electrical Engineering, Mathematics and Computer Science)
More Info
expand_more
Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.
Abstract
Gaze estimation systems powered by deep neural networks are commonly used in sensitive applications such as driver assist or human-computer interaction. While backdoor attacks have been widely studied for classification tasks, vulnerability of regression networks like gaze estimators to these kind of attacks still remain underexplored. This research investigates the effectiveness of full-image backdoor attacks on appearance-based gaze estimation models. Specifically, the study explores dirty-label attacks with two types of global backdoor triggers: a spatial-domain sinusoidal pattern and a randomized frequency-domain perturbation. Experimental results on the MPIIFaceGaze dataset demonstrate that both triggers can reliably induce malicious outputs while preserving high accuracy on clean data, with the frequency-domain trigger offering superior stealth. These findings highlight a significant vulnerability in deep regression models, emphasizing the need for defensive mechanisms in real-world gaze estimation systems.