RSBA: Robust Statistical Backdoor Attack under Privilege-Constrained Scenarios

RSBA introduces a new attack paradigm by utilizing statistical features for backdoor attacks, demonstrating robustness against defenses like image augmentation and model distillation.

The article introduces RSBA, a backdoor attack method focusing on statistical triggers for image classification models. It addresses limitations of existing backdoor attacks and demonstrates robustness against image augmentations and model distillation. Experimental results show high attack success rates in black-box scenarios. Introduction to RSBA: RSBA addresses limitations of existing backdoor attacks. Robustness against Defenses: RSBA is robust against image augmentations and model distillation. Experimental Results: RSBA achieves high attack success rates in black-box scenarios. Comparison with Baseline Methods: RSBA outperforms baseline methods in terms of attack effectiveness and robustness. Image Augmentation Experiments: RSBA demonstrates greater robustness compared to existing methods. Model Distillation Experiments: RSBA remains effective in various distillation scenarios. Backdoor Defense Methods: RSBA evades detection by Neural Cleanse and Fine-pruning. Non-Standardization Case: RSBA remains effective even without image standardization.

RSBA는 이미지 보강 및 모델 증류에 대해 강력한 내성을 나타냄.

"RSBA introduces a new attack paradigm rather than being limited to a specific implementation."