Semantic Host-free Trojan Attack

10/26/2021

∙

In this paper, we propose a novel host-free Trojan attack with triggers that are fixed in the semantic space but not necessarily in the pixel space. In contrast to existing Trojan attacks which use clean input images as hosts to carry small, meaningless trigger patterns, our attack considers triggers as full-sized images belonging to a semantically meaningful object class. Since in our attack, the backdoored classifier is encouraged to memorize the abstract semantics of the trigger images than any specific fixed pattern, it can be later triggered by semantically similar but different looking images. This makes our attack more practical to be applied in the real-world and harder to defend against. Extensive experimental results demonstrate that with only a small number of Trojan patterns for training, our attack can generalize well to new patterns of the same Trojan class and can bypass state-of-the-art defense methods.

READ FULL TEXT

Semantic Host-free Trojan Attack

Scale-free Photo-realistic Adversarial Pattern Attack

Poison as a Cure: Detecting Neutralizing Variable-Sized Backdoor Attacks in Deep Neural Networks

Adversarial Attack with Pattern Replacement

Defense Against Multi-target Trojan Attacks

Input-Aware Dynamic Backdoor Attack

A semantic backdoor attack against Graph Convolutional Networks

D-square-B: Deep Distribution Bound for Natural-looking Adversarial Attack

Semantic Host-free Trojan Attack

Related Research

Scale-free Photo-realistic Adversarial Pattern Attack

Poison as a Cure: Detecting Neutralizing Variable-Sized Backdoor Attacks in Deep Neural Networks

Adversarial Attack with Pattern Replacement

Defense Against Multi-target Trojan Attacks

Input-Aware Dynamic Backdoor Attack

A semantic backdoor attack against Graph Convolutional Networks

D-square-B: Deep Distribution Bound for Natural-looking Adversarial Attack