Abstract
Backdoor attack aims to deceive a victim model when facing backdoor instances while maintaining its performance on benign data. Current methods use manual patterns or special perturbations as triggers, while they often overlook the robustness against data corruption, making backdoor attacks easy to defend in practice. To address this issue, we propose a novel backdoor attack method named Spy-Watermark, which remains effective when facing data collapse and backdoor defense. Therein, we introduce a learnable watermark embedded in the latent domain of images, serving as the trigger. Then, we search for a watermark that can withstand collapse during image decoding, cooperating with several anti-collapse operations to further enhance the resilience of our trigger against data corruption. Extensive experiments are conducted on CIFAR10, GTSRB, and ImageNet datasets, demonstrating that Spy-Watermark overtakes ten state-of-the-art methods in terms of robustness and stealthiness.
Original language | English |
---|---|
Title of host publication | ICASSP 2024 - 2024 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP) |
Publisher | IEEE |
Pages | 2700-2704 |
Number of pages | 5 |
ISBN (Electronic) | 9798350344851 |
ISBN (Print) | 9798350344868 |
DOIs | |
Publication status | Published - Apr 2024 |
Event | 2024 49th IEEE International Conference on Acoustics, Speech, and Signal Processing, ICASSP 2024 - COEX, Seoul, Korea, Republic of Duration: 14 Apr 2024 → 19 Apr 2024 https://2024.ieeeicassp.org/ https://2024.ieeeicassp.org/program-schedule/ https://ieeexplore.ieee.org/xpl/conhome/10445798/proceeding |
Publication series
Name | International Conference on Acoustics, Speech, and Signal Processing (ICASSP) |
---|---|
ISSN (Print) | 1520-6149 |
ISSN (Electronic) | 2379-190X |
Conference
Conference | 2024 49th IEEE International Conference on Acoustics, Speech, and Signal Processing, ICASSP 2024 |
---|---|
Abbreviated title | ICASSP 2024 |
Country/Territory | Korea, Republic of |
City | Seoul |
Period | 14/04/24 → 19/04/24 |
Internet address |
User-Defined Keywords
- Backdoor attack
- backdoor defense
- invisible watermarking
- robust trigger
- trigger extraction