SPY-Watermark: Robust Invisible Watermarking for Backdoor Attack

Ruofei Wang, Renjie Wan, Zongyu Guo, Qing Guo, Rui Huang*

*Corresponding author for this work

Research output: Chapter in book/report/conference proceeding; Conference proceeding; peer-review

Abstract

Backdoor attack aims to deceive a victim model when facing backdoor instances while maintaining its performance on benign data. Current methods use manual patterns or special perturbations as triggers, while they often overlook the robustness against data corruption, making backdoor attacks easy to defend in practice. To address this issue, we propose a novel backdoor attack method named Spy-Watermark, which remains effective when facing data collapse and backdoor defense. Therein, we introduce a learnable watermark embedded in the latent domain of images, serving as the trigger. Then, we search for a watermark that can withstand collapse during image decoding, cooperating with several anti-collapse operations to further enhance the resilience of our trigger against data corruption. Extensive experiments are conducted on CIFAR10, GTSRB, and ImageNet datasets, demonstrating that Spy-Watermark overtakes ten state-of-the-art methods in terms of robustness and stealthiness.
Original language: English
Title of host publication: ICASSP 2024 - 2024 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP)
Publisher: IEEE
Pages: 2700-2704
Number of pages: 5
ISBN (Electronic): 9798350344851
ISBN (Print): 9798350344868
Publication status: Published - Apr 2024
Event: 2024 49th IEEE International Conference on Acoustics, Speech, and Signal Processing, ICASSP 2024 - COEX, Seoul, Korea, Republic of
Duration: 14 Apr 2024 to 19 Apr 2024
https://2024.ieeeicassp.org/
https://2024.ieeeicassp.org/program-schedule/
https://ieeexplore.ieee.org/xpl/conhome/10445798/proceeding

Publication series

Name: International Conference on Acoustics, Speech, and Signal Processing (ICASSP)
ISSN (Print): 1520-6149
ISSN (Electronic): 2379-190X

Conference

Conference: 2024 49th IEEE International Conference on Acoustics, Speech, and Signal Processing, ICASSP 2024
Abbreviated title: ICASSP 2024
Country/Territory: Korea, Republic of
City: Seoul
Period: 14/04/24 to 19/04/24

User-Defined Keywords

  • Backdoor attack
  • backdoor defense
  • invisible watermarking
  • robust trigger
  • trigger extraction
