RIBAC: Towards Robust and Imperceptible Backdoor Attack against Compact DNN
This addresses a security problem for practical applications using compact DNNs, representing an incremental advancement by focusing on compressed models rather than uncompressed ones.
The paper tackles the vulnerability of compressed deep neural networks (DNNs) to backdoor attacks by proposing RIBAC, a framework that achieves high attack success rates (e.g., robust against state-of-the-art defenses) while maintaining trigger stealthiness and model efficiency.
Recently backdoor attack has become an emerging threat to the security of deep neural network (DNN) models. To date, most of the existing studies focus on backdoor attack against the uncompressed model; while the vulnerability of compressed DNNs, which are widely used in the practical applications, is little exploited yet. In this paper, we propose to study and develop Robust and Imperceptible Backdoor Attack against Compact DNN models (RIBAC). By performing systematic analysis and exploration on the important design knobs, we propose a framework that can learn the proper trigger patterns, model parameters and pruning masks in an efficient way. Thereby achieving high trigger stealthiness, high attack success rate and high model efficiency simultaneously. Extensive evaluations across different datasets, including the test against the state-of-the-art defense mechanisms, demonstrate the high robustness, stealthiness and model efficiency of RIBAC. Code is available at https://github.com/huyvnphan/ECCV2022-RIBAC