A Robust Attack: Displacement Backdoor Attack
This addresses a threat for AI applications like autonomous driving and medical fields by improving the robustness of backdoor attacks, though it is incremental as it builds on existing backdoor attack methods.
The paper tackles the problem of backdoor attacks being vulnerable to real-world variations like jitter and brightness changes by proposing the Displacement Backdoor Attack (DBA), which shifts target samples to create robust backdoor samples. Experimental results show that DBA can resist data augmentation simulating real-world differences such as rotation and cropping.
As artificial intelligence becomes more prevalent in our lives, people are enjoying the convenience it brings, but they are also facing hidden threats, such as data poisoning and adversarial attacks. These threats can have disastrous consequences for the application of artificial intelligence, especially for some applications that take effect immediately, such as autonomous driving and medical fields. Among these threats, backdoor attacks have left a deep impression on people with their concealment and simple deployment, making them a threat that cannot be ignored, however, in the process of deploying the backdoor model, the backdoor attack often has some reasons that make it unsatisfactory in real-world applications, such as jitter and brightness changes. Based on this, we propose a highly robust backdoor attack that shifts the target sample and combines it with itself to form a backdoor sample, the Displacement Backdoor Attack(DBA). Experimental results show that the DBA attack can resist data augmentation that simulates real-world differences, such as rotation and cropping.