Litcius/Paper detail

DeHiB: Deep Hidden Backdoor Attack on Semi-supervised Learning via Adversarial Perturbation

Zhicong Yan, Gaolei Li, Yuan Tian, Jun Wu, Shenghong Li, Mingzhe Chen, H. Vincent Poor

2021Proceedings of the AAAI Conference on Artificial Intelligence31 citationsDOIOpen Access PDF

Abstract

The threat of data-poisoning backdoor attacks on learning algorithms typically comes from the labeled data. However, in deep semi-supervised learning (SSL), unknown threats mainly stem from the unlabeled data. In this paper, we propose a novel deep hidden backdoor (DeHiB) attack scheme for SSL-based systems. In contrast to the conventional attacking methods, the DeHiB can inject malicious unlabeled training data to the semi-supervised learner so as to enable the SSL model to output premeditated results. In particular, a robust adversarial perturbation generator regularized by a unified objective function is proposed to generate poisoned data. To alleviate the negative impact of the trigger patterns on model accuracy and improve the attack success rate, a novel contrastive data poisoning strategy is designed. Using the proposed data poisoning scheme, one can implant the backdoor into the SSL model using the raw data without hand-crafted labels. Extensive experiments based on CIFAR10 and CIFAR100 datasets demonstrated the effectiveness and crypticity of the proposed scheme.

Topics & Concepts

BackdoorComputer scienceArtificial intelligenceAdversarial systemDeep learningScheme (mathematics)Machine learningLabeled dataPattern recognition (psychology)Computer securityMathematicsMathematical analysisAdversarial Robustness in Machine LearningAnomaly Detection Techniques and ApplicationsDomain Adaptation and Few-Shot Learning
DeHiB: Deep Hidden Backdoor Attack on Semi-supervised Learning via Adversarial Perturbation | Litcius