Abstract:
Transfer learning is a commonly used technique in machine learning to reduce the cost of training models. However, it is susceptible to backdoor attacks that cause models to misclassify data with specific triggers while behaving normally on clean data. Existing methods for backdoor attacks in transfer learning either do not consider attack stealthiness or require compromising attack effectiveness for trigger concealment. To overcome this challenge, we introduce the concept of Invisible and Computable Trigger (ICT), which involves two critical steps. First, we propose a new computable trigger obtained by training on input data to greatly increase the attack effect during inference. Second, we embed the trigger into an imperceptible perturbation, allowing poisoned data to appear indistinguishable from clean data. Our experimental results demonstrate that our approach outperforms state-of-the-art methods in both attack effect and stealthiness.
Published in: IEEE Transactions on Consumer Electronics (Volume: 70, Issue: 4, November 2024)