Venom introduces a binary-task optimization problem to enhance backdoor attacks against defenses. It focuses on injecting backdoors and enhancing attack survivability by imitating benign sample behavior. The evaluation demonstrates significant improvements in attack survivability without compromising original attack capabilities.
Backdoor attacks pose serious security threats to deep neural networks, leading to misclassification of samples with attacker-specified triggers. Existing defenses focus on data distribution or model behavior, but little attention has been given to surviving model reconstruction-based defenses. Venom addresses this gap by enhancing existing attacks' survivability through attention imitation loss, forcing poisoned samples' decision paths to couple with crucial benign sample paths.
Naar een andere taal
vanuit de broninhoud
arxiv.org
Belangrijkste Inzichten Gedestilleerd Uit
by Yufei Zhao,D... om arxiv.org 03-06-2024
https://arxiv.org/pdf/2403.02950.pdfDiepere vragen