DeHiB: Deep Hidden Backdoor Attack on Semi-supervised Learning via Adversarial Perturbation
DOI:
https://doi.org/10.1609/aaai.v35i12.17266Keywords:
Semi-Supervised Learning, Adversarial Attacks & RobustnessAbstract
The threat of data-poisoning backdoor attacks on learning algorithms typically comes from the labeled data. However, in deep semi-supervised learning (SSL), unknown threats mainly stem from the unlabeled data. In this paper, we propose a novel deep hidden backdoor (DeHiB) attack scheme for SSL-based systems. In contrast to the conventional attacking methods, the DeHiB can inject malicious unlabeled training data to the semi-supervised learner so as to enable the SSL model to output premeditated results. In particular, a robust adversarial perturbation generator regularized by a unified objective function is proposed to generate poisoned data. To alleviate the negative impact of the trigger patterns on model accuracy and improve the attack success rate, a novel contrastive data poisoning strategy is designed. Using the proposed data poisoning scheme, one can implant the backdoor into the SSL model using the raw data without hand-crafted labels. Extensive experiments based on CIFAR10 and CIFAR100 datasets demonstrated the effectiveness and crypticity of the proposed scheme.
Downloads
Published
2021-05-18
How to Cite
Yan, Z., Li, G., TIan, Y., Wu, J., Li, S., Chen, M., & Poor, H. V. (2021). DeHiB: Deep Hidden Backdoor Attack on Semi-supervised Learning via Adversarial Perturbation. Proceedings of the AAAI Conference on Artificial Intelligence, 35(12), 10585-10593. https://doi.org/10.1609/aaai.v35i12.17266
Issue
Section
AAAI Technical Track on Machine Learning V
