SPY-WATERMARK: ROBUST INVISIBLE WATERMARKING FOR BACKDOOR ATTACK

Cited by: 0
Authors
Wang, Ruofei [1]
Wan, Renjie [2]
Guo, Zongyu [1]
Guo, Qing [3, 4]
Huang, Rui [1]
Affiliations
[1] Civil Aviat Univ China, Coll Comp Sci & Technol, Tianjin, Peoples R China
[2] Hong Kong Baptist Univ, Dept Comp Sci, Hong Kong, Peoples R China
[3] IHPC, Agcy Sci Res & Technol, Singapore, Singapore
[4] CFAR, Agcy Sci Res & Technol, Singapore, Singapore
Source
2024 IEEE INTERNATIONAL CONFERENCE ON ACOUSTICS, SPEECH AND SIGNAL PROCESSING, ICASSP 2024 | 2024
Keywords
Backdoor attack; backdoor defense; invisible watermarking; robust trigger; trigger extraction;
DOI
10.1109/ICASSP48485.2024.10448363
Abstract
Backdoor attack aims to deceive a victim model when facing backdoor instances while maintaining its performance on benign data. Current methods use manual patterns or special perturbations as triggers, while they often overlook the robustness against data corruption, making backdoor attacks easy to defend in practice. To address this issue, we propose a novel backdoor attack method named Spy-Watermark, which remains effective when facing data collapse and backdoor defense. Therein, we introduce a learnable watermark embedded in the latent domain of images, serving as the trigger. Then, we search for a watermark that can withstand collapse during image decoding, cooperating with several anti-collapse operations to further enhance the resilience of our trigger against data corruption. Extensive experiments are conducted on CIFAR10, GTSRB, and ImageNet datasets, demonstrating that Spy-Watermark overtakes ten state-of-the-art methods in terms of robustness and stealthiness.
Pages: 2700 - 2704
Page count: 5
Related papers
50 in total
  • [1] Poison Ink: Robust and Invisible Backdoor Attack
    Zhang, Jie
    Chen, Dongdong
    Huang, Qidong
    Liao, Jing
    Zhang, Weiming
    Feng, Huamin
    Hua, Gang
    Yu, Nenghai
    IEEE TRANSACTIONS ON IMAGE PROCESSING, 2022, 31 : 5691 - 5705
  • [2] Backdoor Attack With Sparse and Invisible Trigger
    Gao, Yinghua
    Li, Yiming
    Gong, Xueluan
    Li, Zhifeng
    Xia, Shu-Tao
    Wang, Qian
    IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, 2024, 19 : 6364 - 6376
  • [3] Invisible backdoor attack with attention and steganography
    Chen, Wenmin
    Xu, Xiaowei
    Wang, Xiaodong
    Zhou, Huasong
    Li, Zewen
    Chen, Yangming
    COMPUTER VISION AND IMAGE UNDERSTANDING, 2024, 249
  • [4] An Invisible Backdoor Attack Based on Semantic Feature
    Chen, Yangming
    Xu, Xiaowei
    Wang, Xiaodong
    Li, Zewen
    Chen, Wenmin
    INTERNATIONAL JOURNAL OF PATTERN RECOGNITION AND ARTIFICIAL INTELLIGENCE, 2025,
  • [5] Attack Algorithm on Watermarking with Public Watermark Detection
    Hu, Yanjun
    Yang, Lei
    Cao, Xinde
    Wang, Guanjun
    NANOTECHNOLOGY AND COMPUTER ENGINEERING, 2010, 121-122 : 423 - 428
  • [6] An Invisible Text Watermarking Algorithm using Image Watermark
    Jalil, Zunera
    Mirza, Anwar M.
    INNOVATIONS IN COMPUTING SCIENCES AND SOFTWARE ENGINEERING, 2010, : 147 - 152
  • [7] Style robust invisible watermarking
    Rabbani, Majid
    Honsinger, Chris
    ICIS '06: INTERNATIONAL CONGRESS OF IMAGING SCIENCE, FINAL PROGRAM AND PROCEEDINGS: LINKING THE EXPLOSION OF IMAGING APPLICATIONS WITH THE SCIENCE AND TECHNOLOGY OF IMAGING, 2006, : 474 - 474
  • [8] Invisible Backdoor Attack Through Singular Value Decomposition
    Chen, Wenmin
    Xu, Xiaowei
    Wang, Xiaodong
    Li, Zewen
    Chen, Yangming
    PATTERN RECOGNITION AND COMPUTER VISION, PRCV 2024, PT II, 2025, 15032 : 174 - 188
  • [9] SATBA: An Invisible Backdoor Attack Based on Spatial Attention
    Zhou, Huasong
    Xu, Xiaowei
    Wang, Xiaodong
    Bullock, Leon Bevan
    2023 IEEE 22ND INTERNATIONAL CONFERENCE ON TRUST, SECURITY AND PRIVACY IN COMPUTING AND COMMUNICATIONS, TRUSTCOM, BIGDATASE, CSE, EUC, ISCI 2023, 2024, : 937 - 945
  • [10] Invisible Backdoor Attack with Sample-Specific Triggers
    Li, Yuezun
    Li, Yiming
    Wu, Baoyuan
    Li, Longkang
    He, Ran
    Lyu, Siwei
    2021 IEEE/CVF INTERNATIONAL CONFERENCE ON COMPUTER VISION (ICCV 2021), 2021, : 16443 - 16452