Recent studies revealed that deep neural networks (DNNs) are exposed to backdoor threats when training with third-party resources (such as training samples or backbones). The backdoored model has promising performance in predicting benign samples, whereas its predictions can be maliciously manipulated by adversaries based on activating its backdoors with pre-defined trigger patterns. Currently, most of the existing backdoor attacks were conducted on the image classification under the targeted manner. In this paper, we reveal that these threats could also happen in object detection, posing threatening risks to many mission-critical applications ($e.g.$, pedestrian detection and intelligent surveillance systems). Specifically, we design a simple yet effective poison-only backdoor attack in an untargeted manner, based on task characteristics. We show that, once the backdoor is embedded into the target model by our attack, it can trick the model to lose detection of any object stamped with our trigger patterns. We conduct extensive experiments on the benchmark dataset, showing its effectiveness in both digital and physical-world settings and its resistance to potential defenses.
翻译:最近的研究表明,在利用第三方资源(如培训样本或骨干)进行培训时,深神经网络(DNN)会受到后门威胁。 后门模型在预测良性样本方面表现良好,前景良好,而其预测则可能受到对手的恶意操纵,其依据是用预先确定的触发模式激活后门。目前,大多数现有的后门袭击都是以目标方式根据图像分类进行的。在本文中,我们发现这些威胁还可能发生在物体探测中,对许多任务关键应用带来威胁性风险(例如,美元,行人探测和智能监测系统 ) 。 具体地说,我们根据任务特征设计了一个简单而有效的、只有毒害性的后门攻击。我们表明,一旦后门被我们攻击后门嵌入目标模型,它就能操纵模型,失去用我们的触发模式压住的任何物体的探测。我们在基准数据集上进行了广泛的实验,显示其在数字和物理世界环境中的有效性以及它对潜在防御的抵抗力。</s>
相关内容
微信扫码咨询专知VIP会员