Zhixiao Wu, Yao Lu, Jie Wen, Hao Sun, Qi Zhou, Guangming Lu
The paper proposes a set of components to improve the effectiveness and stealthiness of poison-only clean-label backdoor attacks by collaboratively optimizing sample selection and trigger design.
This research addresses how to make backdoor attacks on deep neural networks more effective and harder to detect. In these attacks, an attacker secretly alters a dataset, without changing the labels of the data, so that the trained model behaves in a specific, attacker-desired way. The study introduces new methods to select which data samples to alter and how to modify them to maximize the attack's success while remaining undetected. The proposed approach combines different techniques to improve both the attack's stealthiness and its success rate.