Generalization Bound and New Algorithm for Clean-Label Backdoor Attack

Paper Synopsis

Backdoor attacks compromise a model by poisoning its training set, so that the trained model exhibits the attacker’s intended erroneous behavior under specific conditions. To establish when such attacks are feasible, we analyze their stealthiness and success rate from the perspective of generalization bounds for neural networks. Guided by this analysis, we use adversarial noise and shortcut noise to design a new method for performing backdoor attacks. We tested the attack method on public datasets, and the experiments show that a high success rate can be achieved at a relatively low cost while maintaining accuracy on clean samples.

Cite the Paper

Lijia Yu, Shuang Liu, Yibo Miao, Lijun Zhang, Xiaoshan Gao: Generalization Bound and New Algorithm for Clean-Label Backdoor Attack. In Forty-first International Conference on Machine Learning, ICML 2024, Vienna, Austria, July 21-27, 2024.

Video Presentation

Video presentation, in Chinese