Effect of backdoor attacks over the complexity of the latent space distribution
This research addresses the problem of understanding the impact of backdoor attacks on the latent space for researchers and practitioners in AI security, providing insights into the structural changes induced by such attacks.
This paper investigates how backdoor attacks alter the complexity of the latent space distribution, causing similarities between classes and leading to model overfitting. The authors propose the D-vine Copula Auto-Encoder (VCAE) to estimate the latent space distribution under backdoor triggers, observing a 27% increase in latent space entropy due to the backdoor trigger.
The input space complexity determines the model's capabilities to extract their knowledge and translate the space of attributes into a function which is assumed in general, as a concatenation of non-linear functions between layers. In the presence of backdoor attacks, the space complexity changes, and induces similarities between classes that directly affect the model's training. As a consequence, the model tends to overfit the input set. In this research, we suggest the D-vine Copula Auto-Encoder (VCAE) as a tool to estimate the latent space distribution under the presence of backdoor triggers. Since no assumptions are made on the distribution estimation, like in Variational Autoencoders (VAE). It is possible to observe the backdoor stamp in non-attacked categories randomly generated. We exhibit the differences between a clean model (baseline) and the attacked one (backdoor) in a pairwise representation of the distribution. The idea is to illustrate the dependency structure change in the input space induced by backdoor features. Finally, we quantify the entropy's changes and the Kullback-Leibler divergence between models. In our results, we found the entropy in the latent space increases by around 27\% due to the backdoor trigger added to the input