TY - GEN
T1 - SPSS: A Salience-based Poisoning Selection Strategy for Selecting Backdoor Attack Victims
T2 - 2024 International Joint Conference on Neural Networks, IJCNN 2024
AU - Lyu, Zihan
AU - Lin, Dongheng
AU - Sun, Shengkai
AU - Zhang, Jie
AU - Zhang, Ruiming
N1 - Publisher Copyright:
© 2024 IEEE.
PY - 2024/7
Y1 - 2024/7
N2 - Recent research has shown that deep neural networks can be compromised through data-poisoning-based backdoor attacks, in which a small fraction of samples in the training dataset is maliciously modified following certain patterns for the purpose of influencing the behavior of the resultant model. Previous attack techniques generate these malicious samples by randomly picking clean data from the training dataset and incorporating a triggering mechanism. This paper introduces a Salience-based Poisoning Selection Strategy (SPSS) that significantly improves attack effectiveness by selecting diverse samples with salient features as victims for poisoning. Rigorous experimental testing on CIFAR-10, CIFAR-100 and ImageNet10 reveals that SPSS significantly improves the attacking effectiveness. Under SPSS selection, the number of poisoned images needed to achieve a certain attack success rate can be minimized by 38.44% of that under random selection approach. Our method is also more computationally efficient compared with existing SOTA selection strategies in this field.
AB - Recent research has shown that deep neural networks can be compromised through data-poisoning-based backdoor attacks, in which a small fraction of samples in the training dataset is maliciously modified following certain patterns for the purpose of influencing the behavior of the resultant model. Previous attack techniques generate these malicious samples by randomly picking clean data from the training dataset and incorporating a triggering mechanism. This paper introduces a Salience-based Poisoning Selection Strategy (SPSS) that significantly improves attack effectiveness by selecting diverse samples with salient features as victims for poisoning. Rigorous experimental testing on CIFAR-10, CIFAR-100 and ImageNet10 reveals that SPSS significantly improves the attacking effectiveness. Under SPSS selection, the number of poisoned images needed to achieve a certain attack success rate can be minimized by 38.44% of that under random selection approach. Our method is also more computationally efficient compared with existing SOTA selection strategies in this field.
UR - http://www.scopus.com/inward/record.url?scp=85205029191&partnerID=8YFLogxK
U2 - 10.1109/IJCNN60899.2024.10650242
DO - 10.1109/IJCNN60899.2024.10650242
M3 - Conference Proceeding
AN - SCOPUS:85205029191
T3 - Proceedings of the International Joint Conference on Neural Networks
BT - 2024 International Joint Conference on Neural Networks, IJCNN 2024 - Proceedings
PB - Institute of Electrical and Electronics Engineers Inc.
Y2 - 30 June 2024 through 5 July 2024
ER -