BadSAD: Clean-Label Backdoor Attacks against Deep Semi-Supervised Anomaly Detection
This work addresses security risks in anomaly detection systems used in industrial inspection, medical imaging, and security, but it is incremental as it builds on existing backdoor attack methods.
The paper tackles the vulnerability of Deep Semi-Supervised Anomaly Detection (DeepSAD) models to backdoor attacks by introducing BadSAD, a clean-label attack framework that embeds subtle triggers and manipulates latent space to make poisoned images appear benign, with extensive experiments validating its effectiveness.
Image anomaly detection (IAD) is essential in applications such as industrial inspection, medical imaging, and security. Despite the progress achieved with deep learning models like Deep Semi-Supervised Anomaly Detection (DeepSAD), these models remain susceptible to backdoor attacks, presenting significant security challenges. In this paper, we introduce BadSAD, a novel backdoor attack framework specifically designed to target DeepSAD models. Our approach involves two key phases: trigger injection, where subtle triggers are embedded into normal images, and latent space manipulation, which positions and clusters the poisoned images near normal images to make the triggers appear benign. Extensive experiments on benchmark datasets validate the effectiveness of our attack strategy, highlighting the severe risks that backdoor attacks pose to deep learning-based anomaly detection systems.