CV, AI, CR, LG | Apr 22, 2022

Data-Efficient Backdoor Attacks

arXiv:2204.12281v2 | 40 citations | h-index: 72 | Has Code
Originality: Incremental advance
AI Analysis

This work addresses the need for more efficient and transferable backdoor attacks in machine learning security, representing an incremental improvement over existing methods.

The paper tackles the problem of inefficient poisoned data selection in backdoor attacks on deep neural networks by proposing a Filtering-and-Updating Strategy (FUS), achieving the same attack success rate with only 47% to 75% of the poisoned samples compared to random selection on CIFAR-10 and ImageNet-10.

Recent studies have proven that deep neural networks are vulnerable to backdoor attacks. Specifically, by mixing a small number of poisoned samples into the training set, the behavior of the trained model can be maliciously controlled. Existing attack methods construct such adversaries by randomly selecting some clean data from the benign set and then embedding a trigger into them. However, this selection strategy ignores the fact that each poisoned sample contributes unequally to the backdoor injection, which reduces the efficiency of poisoning. In this paper, we formulate improving the poisoned data efficiency by the selection as an optimization problem and propose a Filtering-and-Updating Strategy (FUS) to solve it. The experimental results on CIFAR-10 and ImageNet-10 indicate that the proposed method is effective: the same attack success rate can be achieved with only 47% to 75% of the poisoned sample volume compared to the random selection strategy. More importantly, the adversaries selected according to one setting can generalize well to other settings, exhibiting strong transferability. The prototype code of our method is now available at https://github.com/xpf/Data-Efficient-Backdoor-Attacks.
