RIBAC: Towards Robust and Imperceptible Backdoor Attack against Compact DNN

August 22, 2022 · Entered Twilight · 🏛 European Conference on Computer Vision

Repo contents: .gitignore, LICENSE, README.md, custom_layers, datasets, figures, model_arch, modules, requirements.txt, train.py, utils

Authors Huy Phan, Cong Shi, Yi Xie, Tianfang Zhang, Zhuohang Li, Tianming Zhao, Jian Liu, Yan Wang, Yingying Chen, Bo Yuan arXiv ID 2208.10608 Category cs.CR: Cryptography & Security Cross-listed cs.CV Citations 7 Venue European Conference on Computer Vision Repository https://github.com/huyvnphan/ECCV2022-RIBAC ⭐ 9 Last Checked 2 months ago

Abstract

Recently backdoor attack has become an emerging threat to the security of deep neural network (DNN) models. To date, most of the existing studies focus on backdoor attack against the uncompressed model; while the vulnerability of compressed DNNs, which are widely used in the practical applications, is little exploited yet. In this paper, we propose to study and develop Robust and Imperceptible Backdoor Attack against Compact DNN models (RIBAC). By performing systematic analysis and exploration on the important design knobs, we propose a framework that can learn the proper trigger patterns, model parameters and pruning masks in an efficient way. Thereby achieving high trigger stealthiness, high attack success rate and high model efficiency simultaneously. Extensive evaluations across different datasets, including the test against the state-of-the-art defense mechanisms, demonstrate the high robustness, stealthiness and model efficiency of RIBAC. Code is available at https://github.com/huyvnphan/ECCV2022-RIBAC