COMBAT: Alternated Training for Effective Clean-Label Backdoor Attacks

Authors

  • Tran Huynh, VinAI Research
  • Dang Nguyen, University of Maryland
  • Tung Pham, VinAI Research
  • Anh Tran, VinAI Research

DOI:

https://doi.org/10.1609/aaai.v38i3.28019

Keywords:

CV: Adversarial Attacks & Robustness

Abstract

Backdoor attacks pose a critical concern to the practice of using third-party data for AI development. The data can be poisoned to make a trained model misbehave when a predefined trigger pattern appears, granting the attackers illegal benefits. While most proposed backdoor attacks are dirty-label, clean-label attacks are more desirable because they keep data labels unchanged to dodge human inspection. However, designing a working clean-label attack is a challenging task, and existing clean-label attacks show underwhelming performance. In this paper, we propose a novel mechanism to develop clean-label attacks with outstanding attack performance. The key component is a trigger pattern generator, which is trained together with a surrogate model in an alternating manner. Our proposed mechanism is flexible and customizable, allowing different backdoor trigger types and behaviors for either single or multiple target labels. Our backdoor attacks can reach near-perfect attack success rates and bypass all state-of-the-art backdoor defenses, as illustrated via comprehensive experiments on standard benchmark datasets. Our code is available at https://github.com/VinAIResearch/COMBAT.

Published

2024-03-24

How to Cite

Huynh, T., Nguyen, D., Pham, T., & Tran, A. (2024). COMBAT: Alternated Training for Effective Clean-Label Backdoor Attacks. Proceedings of the AAAI Conference on Artificial Intelligence, 38(3), 2436-2444. https://doi.org/10.1609/aaai.v38i3.28019

Issue

Section

AAAI Technical Track on Computer Vision II