IU: Imperceptible Universal Backdoor Attack
This work addresses security vulnerabilities in AI systems by revealing a scalable, hard-to-detect threat that could impact real-world deployments, though it is incremental in improving stealth over prior attacks.
The paper tackles the problem of creating stealthy universal backdoor attacks in deep neural networks by introducing an imperceptible method that uses graph convolutional networks to generate class-specific perturbations, achieving up to 91.3% attack success rate with only 0.16% poisoning on ImageNet-1K while evading defenses.
Backdoor attacks pose a critical threat to the security of deep neural networks, yet existing efforts on universal backdoors often rely on visually salient patterns, making them easier to detect and less practical at scale. In this work, we introduce a novel imperceptible universal backdoor attack that simultaneously controls all target classes with minimal poisoning while preserving stealth. Our key idea is to leverage graph convolutional networks (GCNs) to model inter-class relationships and generate class-specific perturbations that are both effective and visually invisible. The proposed framework optimizes a dual-objective loss that balances stealthiness (measured by perceptual similarity metrics such as PSNR) and attack success rate (ASR), enabling scalable, multi-target backdoor injection. Extensive experiments on ImageNet-1K with ResNet architectures demonstrate that our method achieves high ASR (up to 91.3%) under poisoning rates as low as 0.16%, while maintaining benign accuracy and evading state-of-the-art defenses. These results highlight the emerging risks of invisible universal backdoors and call for more robust detection and mitigation strategies.