BadRefSR: Backdoor Attacks Against Reference-based Image Super Resolution
This work highlights a security risk in RefSR models, which could impact researchers and practitioners in computer vision by exposing potential backdoor vulnerabilities in an emerging technique.
The paper tackles the vulnerability of reference-based image super-resolution (RefSR) to backdoor attacks by proposing BadRefSR, a framework that embeds triggers in reference images, causing the model to output attacker-specified images when triggered while performing normally on clean inputs.
Reference-based image super-resolution (RefSR) represents a promising advancement in super-resolution (SR). In contrast to single-image super-resolution (SISR), RefSR leverages an additional reference image to help recover high-frequency details, yet its vulnerability to backdoor attacks has not been explored. To fill this research gap, we propose a novel attack framework called BadRefSR, which embeds backdoors in the RefSR model by adding triggers to the reference images and training with a mixed loss function. Extensive experiments across various backdoor attack settings demonstrate the effectiveness of BadRefSR. The compromised RefSR network performs normally on clean input images, while outputting attacker-specified target images on triggered input images. Our study aims to alert researchers to the potential backdoor risks in RefSR. Codes are available at https://github.com/xuefusiji/BadRefSR.