Blogs and papers on backdoor attacks & defenses.
ECCV2022 Adversarial Attack & Defense Paper Roundup | Li's Blog (tuoli9.github.io)
ICLR2022 Adversarial Attack & Defense Paper Roundup | Li's Blog (tuoli9.github.io)
CVPR2022 Adversarial Attack & Defense Paper Roundup | Li's Blog (tuoli9.github.io)
ACM MM2022 Adversarial Attack & Defense Paper Roundup | Li's Blog (tuoli9.github.io)
AAAI2022 Adversarial Attack & Defense Paper Roundup | Li's Blog (tuoli9.github.io)
NIPS2022 Adversarial Attack & Defense Paper Roundup | Li's Blog (tuoli9.github.io)
THUYimingLi/backdoor-learning-resources: A list of backdoor learning resources (github.com)
Contents
Image and Video Classification
Attack and Defense Towards Other Paradigms and Tasks
Semi-Supervised and Self-Supervised Learning
Backdoor Attack for Positive Purposes
Backdoor Learning: A Survey. [pdf]
Backdoor Attacks and Countermeasures on Deep Learning: A Comprehensive Review. [pdf]
Data Security for Machine Learning: Data Poisoning, Backdoor Attacks, and Defenses. [pdf]
A Comprehensive Survey on Poisoning Attacks and Countermeasures in Machine Learning. [link]
Backdoor Attacks and Defenses in Federated Learning: State-of-the-art, Taxonomy, and Future Directions. [link]
Backdoor Attacks on Image Classification Models in Deep Neural Networks. [link]
Defense against Neural Trojan Attacks: A Survey. [link]
A Survey on Neural Trojans. [pdf]
A Survey of Neural Trojan Attacks and Defenses in Deep Learning. [pdf]
Threats to Pre-trained Language Models: Survey and Taxonomy. [pdf]
An Overview of Backdoor Attacks Against Deep Neural Networks and Possible Defences. [pdf]
Deep Learning Backdoors. [pdf]
Defense of Backdoor Attacks against Deep Neural Network Classifiers. [pdf]
Towards Adversarial and Backdoor Robustness of Deep Learning. [link]
Toward Robust and Communication Efficient Distributed Machine Learning. [pdf]
Towards Robust Image Classification with Deep Learning and Real-Time DNN Inference on Mobile. [pdf]
Countermeasures Against Backdoor, Data Poisoning, and Adversarial Attacks. [pdf]
Understanding and Mitigating the Impact of Backdooring Attacks on Deep Neural Networks. [pdf]
Un-fair trojan: Targeted Backdoor Attacks against Model Fairness. [pdf]
Check Your Other Door: Creating Backdoor Attacks in the Frequency Domain. [pdf]
Backdoor Attacks in Neural Networks. [link]
Backdoor Defenses. [pdf]
Geometric Properties of Backdoored Neural Networks. [pdf]
Detecting Backdoored Neural Networks with Structured Adversarial Attacks. [pdf]
Backdoor Attacks Against Deep Learning Systems in the Physical World. [pdf]
2022
Untargeted Backdoor Watermark: Towards Harmless and Stealthy Dataset Copyright Protection. [pdf] [code]
DEFEAT: Deep Hidden Feature Backdoor Attacks by Imperceptible Perturbation and Latent Representation Constraints. [pdf]
An Invisible Black-box Backdoor Attack through Frequency Domain. [pdf] [code]
BppAttack: Stealthy and Efficient Trojan Attacks against Deep Neural Networks via Image Quantization and Contrastive Adversarial Learning. [pdf] [code]
Dynamic Backdoor Attacks Against Machine Learning Models. [pdf]
Imperceptible Backdoor Attack: From Input Space to Feature Representation. [pdf] [code]
Stealthy Backdoor Attack with Adversarial Training. [link]
Invisible and Efficient Backdoor Attacks for Compressed Deep Neural Networks. [link]
Dynamic Backdoors with Global Average Pooling. [pdf]
Poison Ink: Robust and Invisible Backdoor Attack. [pdf]
Enhancing Backdoor Attacks with Multi-Level MMD Regularization. [link]
PTB: Robust Physical Backdoor Attacks against Deep Neural Networks in Real World. [link]
IBAttack: Being Cautious about Data Labels. [link]
BlindNet Backdoor: Attack on Deep Neural Network using Blind Watermark. [link]
Natural Backdoor Attacks on Deep Neural Networks via Raindrops. [link]
Dispersed Pixel Perturbation-based Imperceptible Backdoor Trigger for Image Classifier Models. [pdf]
FRIB: Low-poisoning Rate Invisible Backdoor Attack based on Feature Repair. [pdf]
Augmentation Backdoors. [pdf] [code]
Just Rotate it: Deploying Backdoor Attacks via Rotation Transformation. [pdf]
Natural Backdoor Datasets. [pdf]
Backdoor Attacks on Vision Transformers. [pdf] [code]
Enhancing Clean Label Backdoor Attack with Two-phase Specific Triggers. [pdf]
Circumventing Backdoor Defenses That Are Based on Latent Separability. [pdf] [code]
Narcissus: A Practical Clean-Label Backdoor Attack with Limited Information. [pdf]
CASSOCK: Viable Backdoor Attacks against DNN in The Wall of Source-Specific Backdoor Defences. [pdf]
Trojan Horse Training for Breaking Defenses against Backdoor Attacks in Deep Learning. [pdf]
Label-Smoothed Backdoor Attack. [pdf]
Imperceptible and Multi-channel Backdoor Attack against Deep Neural Networks. [pdf]
Compression-Resistant Backdoor Attack against Deep Neural Networks. [pdf]
2021
Invisible Backdoor Attack with Sample-Specific Triggers. [pdf] [code]
Manipulating SGD with Data Ordering Attacks. [pdf]
Backdoor Attack with Imperceptible Input and Latent Modification. [pdf]
LIRA: Learnable, Imperceptible and Robust Backdoor Attacks. [pdf]
Blind Backdoors in Deep Learning Models. [pdf] [code]
Backdoor Attacks Against Deep Learning Systems in the Physical World. [pdf] [Master Thesis]
Deep Feature Space Trojan Attack of Neural Networks by Controlled Detoxification. [pdf] [code]
WaNet - Imperceptible Warping-based Backdoor Attack. [pdf] [code]
AdvDoor: Adversarial Backdoor Attack of Deep Learning System. [pdf] [code]
Invisible Poison: A Blackbox Clean Label Backdoor Attack to Deep Neural Networks. [pdf]
Backdoor Attack in the Physical World. [pdf] [extension]
Defense-Resistant Backdoor Attacks against Deep Neural Networks in Outsourced Cloud Environment. [link]
A Master Key Backdoor for Universal Impersonation Attack against DNN-based Face Verification. [link]
Backdoors Hidden in Facial Features: A Novel Invisible Backdoor Attack against Face Recognition Systems. [link]
Use Procedural Noise to Achieve Backdoor Attack. [link] [code]
A Multitarget Backdooring Attack on Deep Neural Networks with Random Location Trigger. [link]
Simtrojan: Stealthy Backdoor Attack. [link]
DBIA: Data-free Backdoor Injection Attack against Transformer Networks. [pdf] [code]
A Statistical Difference Reduction Method for Escaping Backdoor Detection. [pdf]
Backdoor Attack through Frequency Domain. [pdf]
Check Your Other Door! Establishing Backdoor Attacks in the Frequency Domain. [pdf]
Sleeper Agent: Scalable Hidden Trigger Backdoors for Neural Networks Trained from Scratch. [pdf] [code]
RABA: A Robust Avatar Backdoor Attack on Deep Neural Network. [pdf]
Robust Backdoor Attacks against Deep Neural Networks in Real Physical World. [pdf]
2020
Composite Backdoor Attack for Deep Neural Network by Mixing Existing Benign Features. [pdf]
Input-Aware Dynamic Backdoor Attack. [pdf] [code]
Bypassing Backdoor Detection Algorithms in Deep Learning. [pdf]
Backdoor Embedding in Convolutional Neural Network Models via Invisible Perturbation. [pdf]
Clean-Label Backdoor Attacks on Video Recognition Models. [pdf] [code]
Escaping Backdoor Attack Detection of Deep Learning. [link]
Reflection Backdoor: A Natural Backdoor Attack on Deep Neural Networks. [pdf] [code]
Live Trojan Attacks on Deep Neural Networks. [pdf] [code]
Backdooring and Poisoning Neural Networks with Image-Scaling Attacks. [pdf]
One-to-N & N-to-One: Two Advanced Backdoor Attacks against Deep Learning Models. [pdf]
Invisible Backdoor Attacks on Deep Neural Networks via Steganography and Regularization. [pdf] [arXiv Version (2019)]
HaS-Nets: A Heal and Select Mechanism to Defend DNNs Against Backdoor Attacks for Data Collection Scenarios. [pdf]
FaceHack: Triggering Backdoored Facial Recognition Systems Using Facial Characteristics. [pdf]
Light Can Hack Your Face! Black-box Backdoor Attack on Face Recognition Systems. [pdf]
2019
A New Backdoor Attack in CNNS by Training Set Corruption Without Label Poisoning. [pdf]
Label-Consistent Backdoor Attacks. [pdf] [code]
2018
2017
BadNets: Identifying Vulnerabilities in the Machine Learning Model Supply Chain. [pdf] [journal]
Targeted Backdoor Attacks on Deep Learning Systems Using Data Poisoning. [pdf] [code]
Weights-oriented Attack
Handcrafted Backdoors in Deep Neural Networks. [pdf]
Hardly Perceptible Trojan Attack against Neural Networks with Bit Flips. [pdf] [code]
ProFlip: Targeted Trojan Attack with Progressive Bit Flips. [pdf]
TBT: Targeted Neural Network Attack with Bit Trojan. [pdf] [code]
How to Inject Backdoors with Better Consistency: Logit Anchoring on Clean Data. [pdf]
Can Adversarial Weight Perturbations Inject Neural Backdoors? [pdf]
TrojViT: Trojan Insertion in Vision Transformers. [pdf]
Versatile Weight Attack via Flipping Limited Bits. [pdf]
Toward Realistic Backdoor Injection Attacks on DNNs using Rowhammer. [pdf]
TrojanNet: Embedding Hidden Trojan Horse Models in Neural Network. [pdf]
Backdooring Convolutional Neural Networks via Targeted Weight Perturbations. [pdf]
Structure-modified Attack
LoneNeuron: a Highly-Effective Feature-Domain Neural Trojan Using Invisible and Polymorphic Watermarks. [pdf]
Towards Practical Deployment-Stage Backdoor Attack on Deep Neural Networks. [pdf] [code]
Hiding Needles in a Haystack: Towards Constructing Neural Networks that Evade Verification. [link] [code]
Stealthy and Flexible Trojan in Deep Learning Framework. [link]
FooBaR: Fault Fooling Backdoor Attack on Neural Network Training. [link] [code]
DeepPayload: Black-box Backdoor Attack on Deep Learning Models through Neural Payload Injection. [pdf]
An Embarrassingly Simple Approach for Trojan Attack in Deep Neural Networks. [pdf] [code]
BadRes: Reveal the Backdoors through Residual Connection. [pdf]
Architectural Backdoors in Neural Networks. [pdf]
Planting Undetectable Backdoors in Machine Learning Models. [pdf]
Other Attacks
ImpNet: Imperceptible and blackbox-undetectable backdoors in compiled neural networks. [pdf] [website] [code]
Don't Trigger Me! A Triggerless Backdoor Attack Against Deep Neural Networks. [pdf]
Preprocessing-based Empirical Defense
Backdoor Attack in the Physical World. [pdf] [extension]
DeepSweep: An Evaluation Framework for Mitigating DNN Backdoor Attacks using Data Augmentation. [pdf] [code]
Februus: Input Purification Defense Against Trojan Attacks on Deep Neural Network Systems. [pdf] [code]
Neural Trojans. [pdf]
Defending Deep Neural Networks against Backdoor Attack by Using De-trigger Autoencoder. [pdf]
Defending Backdoor Attacks on Vision Transformer via Patch Processing. [pdf]
ConFoc: Content-Focus Protection Against Trojan Attacks on Neural Networks. [pdf]
Model Agnostic Defense against Backdoor Attacks in Machine Learning. [pdf]
Model Reconstruction based Empirical Defense
Adversarial Unlearning of Backdoors via Implicit Hypergradient. [pdf] [code]
Data-free Backdoor Removal based on Channel Lipschitzness. [pdf] [code]
Eliminating Backdoor Triggers for Deep Neural Networks Using Attention Relation Graph Distillation. [pdf]
Adversarial Neuron Pruning Purifies Backdoored Deep Models. [pdf] [code]
Neural Attention Distillation: Erasing Backdoor Triggers from Deep Neural Networks. [pdf] [code]
Interpretability-Guided Defense against Backdoor Attacks to Deep Neural Networks. [link]
Boundary augment: A data augment method to defend poison attack. [link]
Bridging Mode Connectivity in Loss Landscapes and Adversarial Robustness. [pdf] [code]
Fine-Pruning: Defending Against Backdooring Attacks on Deep Neural Networks. [pdf] [code]
Neural Trojans. [pdf]
Test-time Adaptation of Residual Blocks against Poisoning and Backdoor Attacks. [pdf]
Disabling Backdoor and Identifying Poison Data by using Knowledge Distillation in Backdoor Attacks on Deep Neural Networks. [pdf]
Defending against Backdoor Attack on Deep Neural Networks. [pdf]
Defense against Backdoor Attacks via Identifying and Purifying Bad Neurons. [pdf]
Turning a Curse Into a Blessing: Enabling Clean-Data-Free Defenses by Model Inversion. [pdf]
Adversarial Fine-tuning for Backdoor Defense: Connect Adversarial Examples to Triggered Samples. [pdf]
Neural Network Laundering: Removing Black-Box Backdoor Watermarks from Deep Neural Networks. [pdf]
HaS-Nets: A Heal and Select Mechanism to Defend DNNs Against Backdoor Attacks for Data Collection Scenarios. [pdf]
Trigger Synthesis based Empirical Defense
Quarantine: Sparsity Can Uncover the Trojan Attack Trigger for Free. [pdf] [code]
Better Trigger Inversion Optimization in Backdoor Scanning. [pdf] [code]
Few-shot Backdoor Defense Using Shapley Estimation. [pdf]
AEVA: Black-box Backdoor Detection Using Adversarial Extreme Value Analysis. [pdf] [code]
Trigger Hunting with a Topological Prior for Trojan Detection. [pdf] [code]
Backdoor Defense with Machine Unlearning. [pdf]
Black-box Detection of Backdoor Attacks with Limited Information and Data. [pdf]
Backdoor Scanning for Deep Neural Networks through K-Arm Optimization. [pdf] [code]
Towards Inspecting and Eliminating Trojan Backdoors in Deep Neural Networks. [pdf] [previous version] [code]
GangSweep: Sweep out Neural Backdoors by GAN. [pdf]
Detection of Backdoors in Trained Classifiers Without Access to the Training Set. [pdf]
Neural Cleanse: Identifying and Mitigating Backdoor Attacks in Neural Networks. [pdf] [code]
Defending Neural Backdoors via Generative Distribution Modeling. [pdf] [code]
DeepInspect: A Black-box Trojan Detection and Mitigation Framework for Deep Neural Networks. [pdf]
Identifying Physically Realizable Triggers for Backdoored Face Recognition Networks. [link]
Revealing Perceptible Backdoors in DNNs Without the Training Set via the Maximum Achievable Misclassification Fraction Statistic. [pdf]
Adaptive Perturbation Generation for Multiple Backdoors Detection. [pdf]
Confidence Matters: Inspecting Backdoors in Deep Neural Networks via Distribution Transfer. [pdf]
One-shot Neural Backdoor Erasing via Adversarial Weight Masking. [pdf]
Defense Against Multi-target Trojan Attacks. [pdf]
Model-Contrastive Learning for Backdoor Defense. [pdf]
CatchBackdoor: Backdoor Testing by Critical Trojan Neural Path Identification via Differential Fuzzing. [pdf]
Detect and Remove Watermark in Deep Neural Networks via Generative Adversarial Networks. [pdf]
TAD: Trigger Approximation based Black-box Trojan Detection for AI. [pdf]
Scalable Backdoor Detection in Neural Networks. [pdf]
NNoculation: Broad Spectrum and Targeted Treatment of Backdoored DNNs. [pdf] [code]
Model Diagnosis based Empirical Defense
Complex Backdoor Detection by Symmetric Feature Differencing. [pdf] [code]
Post-Training Detection of Backdoor Attacks for Two-Class and Multi-Attack Scenarios. [pdf] [code]
An Anomaly Detection Approach for Backdoored Neural Networks: Face Recognition as a Case Study. [pdf]
Critical Path-Based Backdoor Detection for Deep Neural Networks. [link]
Detecting AI Trojans Using Meta Neural Analysis. [pdf]
Topological Detection of Trojaned Neural Networks. [pdf]
Black-box Detection of Backdoor Attacks with Limited Information and Data. [pdf]
Universal Litmus Patterns: Revealing Backdoor Attacks in CNNs. [pdf] [code]
One-Pixel Signature: Characterizing CNN Models for Backdoor Detection. [pdf]
Practical Detection of Trojan Neural Networks: Data-Limited and Data-Free Cases. [pdf] [code]
Detecting Backdoor Attacks via Class Difference in Deep Neural Networks. [pdf]
Baseline Pruning-Based Approach to Trojan Detection in Neural Networks. [pdf]
Attention Hijacking in Trojan Transformers. [pdf]
Universal Post-Training Backdoor Detection. [pdf]
Trojan Signatures in DNN Weights. [pdf]
EX-RAY: Distinguishing Injected Backdoor from Natural Features in Neural Networks by Examining Differential Feature Symmetry. [pdf]
TOP: Backdoor Detection in Neural Networks via Transferability of Perturbation. [pdf]
Detecting Trojaned DNNs Using Counterfactual Attributions. [pdf]
Adversarial examples are useful too! [pdf] [code]
Cassandra: Detecting Trojaned Networks from Adversarial Perturbations. [pdf]
Odyssey: Creation, Analysis and Detection of Trojan Models. [pdf] [dataset]
Noise-response Analysis for Rapid Detection of Backdoors in Deep Neural Networks. [pdf]
NeuronInspect: Detecting Backdoors in Neural Networks via Output Explanations. [pdf]
Poison Suppression based Empirical Defense
Backdoor Defense via Decoupling the Training Process. [pdf] [code]
Training with More Confidence: Mitigating Injected and Natural Backdoors During Training. [pdf] [code]
Anti-Backdoor Learning: Training Clean Models on Poisoned Data. [pdf] [code]
Robust Anomaly Detection and Backdoor Attack Detection via Differential Privacy. [pdf] [code]
Strong Data Augmentation Sanitizes Poisoning and Backdoor Attacks Without an Accuracy Trade-off. [pdf]
What Doesn't Kill You Makes You Robust(er): Adversarial Training against Poisons and Backdoors. [pdf]
Removing Backdoor-Based Watermarks in Neural Networks with Limited Data. [pdf]
On the Effectiveness of Adversarial Training against Backdoor Attacks. [pdf]
Resurrecting Trust in Facial Recognition: Mitigating Backdoor Attacks in Face Recognition to Prevent Potential Privacy Breaches. [pdf]
SanitAIs: Unsupervised Data Augmentation to Sanitize Trojaned Neural Networks. [pdf]
On the Effectiveness of Mitigating Data Poisoning Attacks with Gradient Shaping. [pdf] [code]
DP-InstaHide: Provably Defusing Poisoning and Backdoor Attacks with Differentially Private Data Augmentations. [pdf]
Sample Filtering based Empirical Defense
The "Beatrix" Resurrections: Robust Backdoor Detection via Gram Matrices. [pdf] [code]
Towards Effective and Robust Neural Trojan Defenses via Input Filtering. [pdf] [code]
Effective Backdoor Defense by Exploiting Sensitivity of Poisoned Samples. [pdf] [code]
Can We Mitigate Backdoor Attack Using Adversarial Detection Methods? [link]
LinkBreaker: Breaking the Backdoor-Trigger Link in DNNs via Neurons Consistency Check. [link]
Similarity-based Integrity Protection for Deep Learning Systems. [link]
A Feature-Based On-Line Detector to Remove Adversarial-Backdoors by Iterative Demarcation. [pdf]
Rethinking the Backdoor Attacks' Triggers: A Frequency Perspective. [pdf] [code]
Demon in the Variant: Statistical Analysis of DNNs for Robust Backdoor Contamination Detection. [pdf] [code]
SPECTRE: Defending Against Backdoor Attacks Using Robust Statistics. [pdf] [code]
CLEANN: Accelerated Trojan Shield for Embedded Neural Networks. [pdf]
Robust Anomaly Detection and Backdoor Attack Detection via Differential Privacy. [pdf] [code]
Simple, Attack-Agnostic Defense Against Targeted Training Set Attacks Using Cosine Similarity. [pdf] [code]
SentiNet: Detecting Localized Universal Attacks Against Deep Learning Systems. [pdf]
STRIP: A Defence Against Trojan Attacks on Deep Neural Networks. [pdf] [extension] [code]
Detecting Backdoor Attacks on Deep Neural Networks by Activation Clustering. [pdf] [code]
Deep Probabilistic Models to Detect Data Poisoning Attacks. [pdf]
Spectral Signatures in Backdoor Attacks. [pdf] [code]
An Adaptive Black-box Defense against Trojan Attacks (TrojDef). [pdf]
Fight Poison with Poison: Detecting Backdoor Poison Samples via Decoupling Benign Correlations. [pdf] [code]
PiDAn: A Coherence Optimization Approach for Backdoor Attack Detection and Mitigation in Deep Neural Networks. [pdf]
Neural Network Trojans Analysis and Mitigation from the Input Domain. [pdf]
A General Framework for Defending Against Backdoor Attacks via Influence Graph. [pdf]
NTD: Non-Transferability Enabled Backdoor Detection. [pdf]
A Unified Framework for Task-Driven Data Quality Management. [pdf]
TESDA: Transform Enabled Statistical Detection of Attacks in Deep Neural Networks. [pdf]
Traceback of Data Poisoning Attacks in Neural Networks. [pdf]
Provable Guarantees against Data Poisoning Using Self-Expansion and Compatibility. [pdf]
Online Defense of Trojaned Models using Misattributions. [pdf]
Detecting Backdoor in Deep Neural Networks via Intentional Adversarial Perturbations. [pdf]
Exposing Backdoors in Robust Machine Learning Models. [pdf]
HaS-Nets: A Heal and Select Mechanism to Defend DNNs Against Backdoor Attacks for Data Collection Scenarios. [pdf]
Poison as a Cure: Detecting & Neutralizing Variable-Sized Backdoor Attacks in Deep Neural Networks. [pdf]
Certificated Defense
BagFlip: A Certified Defense against Data Poisoning. [pdf] [code]
RAB: Provable Robustness Against Backdoor Attacks. [pdf] [code]
Certified Robustness of Nearest Neighbors against Data Poisoning and Backdoor Attacks. [pdf]
Deep Partition Aggregation: Provable Defense against General Poisoning Attacks. [pdf] [code]
Intrinsic Certified Robustness of Bagging against Data Poisoning Attacks. [pdf] [code]
Certified Robustness to Label-Flipping Attacks via Randomized Smoothing. [pdf]
On Certifying Robustness against Backdoor Attacks via Randomized Smoothing. [pdf]
Neurotoxin: Durable Backdoors in Federated Learning. [pdf]
FLAME: Taming Backdoors in Federated Learning. [pdf]
DeepSight: Mitigating Backdoor Attacks in Federated Learning Through Deep Model Inspection. [pdf]
Defending Label Inference and Backdoor Attacks in Vertical Federated Learning. [pdf]
An Analysis of Byzantine-Tolerant Aggregation Mechanisms on Model Poisoning in Federated Learning. [link]
Against Backdoor Attacks In Federated Learning With Differential Privacy. [link]
Secure Partial Aggregation: Making Federated Learning More Robust for Industry 4.0 Applications. [link]
Backdoor Attacks-resilient Aggregation based on Robust Filtering of Outliers in Federated Learning for Image Classification. [link]
Defense against Backdoor Attack in Federated Learning. [link] [code]
Privacy-Enhanced Federated Learning against Poisoning Adversaries. [link]
Coordinated Backdoor Attacks against Federated Learning with Model-Dependent Triggers. [link]
CRFL: Certifiably Robust Federated Learning against Backdoor Attacks. [pdf]
Curse or Redemption? How Data Heterogeneity Affects the Robustness of Federated Learning. [pdf]
Defending Against Backdoors in Federated Learning with Robust Learning Rate. [pdf]
BaFFLe: Backdoor detection via Feedback-based Federated Learning. [pdf]
PipAttack: Poisoning Federated Recommender Systems for Manipulating Item Promotion. [pdf]
Mitigating the Backdoor Attack by Federated Filters for Industrial IoT Applications. [link]
Stability-Based Analysis and Defense against Backdoor Attacks on Edge Computing Services. [link]
Attack of the Tails: Yes, You Really Can Backdoor Federated Learning. [pdf]
DBA: Distributed Backdoor Attacks against Federated Learning. [pdf]
The Limitations of Federated Learning in Sybil Settings. [pdf] [extension] [code]
How to Backdoor Federated Learning. [pdf]
BEAS: Blockchain Enabled Asynchronous & Secure Federated Machine Learning. [pdf]
Backdoor Attacks and Defenses in Feature-partitioned Collaborative Learning. [pdf]
Can You Really Backdoor Federated Learning? [pdf]
Invariant Aggregator for Defending Federated Backdoor Attacks. [pdf]
Shielding Federated Learning: Mitigating Byzantine Attacks with Less Constraints. [pdf]
Federated Zero-Shot Learning for Visual Recognition. [pdf]
Assisting Backdoor Federated Learning with Whole Population Knowledge Alignment. [pdf]
FL-Defender: Combating Targeted Attacks in Federated Learning. [pdf]
Backdoor Attack is A Devil in Federated GAN-based Medical Image Synthesis. [pdf]
SafeNet: Mitigating Data Poisoning Attacks on Private Machine Learning. [pdf] [code]
PerDoor: Persistent Non-Uniform Backdoors in Federated Learning using Adversarial Perturbations. [pdf] [code]
Towards a Defense against Backdoor Attacks in Continual Federated Learning. [pdf]
Client-Wise Targeted Backdoor in Federated Learning. [pdf]
Backdoor Defense in Federated Learning Using Differential Testing and Outlier Detection. [pdf]
ARIBA: Towards Accurate and Robust Identification of Backdoor Attacks in Federated Learning. [pdf]
More is Better (Mostly): On the Backdoor Attacks in Federated Graph Neural Networks. [pdf]
Low-Loss Subspace Compression for Clean Gains against Multi-Agent Backdoor Attacks. [pdf]
Backdoors Stuck at The Frontdoor: Multi-Agent Backdoor Attacks That Backfire. [pdf]
Federated Unlearning with Knowledge Distillation. [pdf]
Model Transferring Attacks to Backdoor HyperNetwork in Personalized Federated Learning. [pdf]
Backdoor Attacks on Federated Learning with Lottery Ticket Hypothesis. [pdf]
On Provable Backdoor Defense in Collaborative Learning. [pdf]
SparseFed: Mitigating Model Poisoning Attacks in Federated Learning with Sparsification. [pdf]
Robust Federated Learning with Attack-Adaptive Aggregation. [pdf] [code]
Meta Federated Learning. [pdf]
FLGUARD: Secure and Private Federated Learning. [pdf]
Toward Robustness and Privacy in Federated Learning: Experimenting with Local and Central Differential Privacy. [pdf]
Backdoor Attacks on Federated Meta-Learning. [pdf]
Dynamic backdoor attacks against federated learning. [pdf]
Federated Learning in Adversarial Settings. [pdf]
BlockFLA: Accountable Federated Learning via Hybrid Blockchain Architecture. [pdf]
Mitigating Backdoor Attacks in Federated Learning. [pdf]
Learning to Detect Malicious Clients for Robust Federated Learning. [pdf]
Attack-Resistant Federated Learning with Residual-based Reweighting. [pdf] [code]
Incremental Learning, Incremental Backdoor Threats. [link]
Robust Backdoor Injection with the Capability of Resisting Network Transfer. [link]
Anti-Distillation Backdoor Attacks: Backdoors Can Really Survive in Knowledge Distillation. [pdf]
Hidden Trigger Backdoor Attacks. [pdf] [code]
Weight Poisoning Attacks on Pre-trained Models. [pdf] [code]
Backdoor Attacks against Transfer Learning with Pre-trained Deep Learning Models. [pdf]
Latent Backdoor Attacks on Deep Neural Networks. [pdf]
Architectural Backdoors in Neural Networks. [pdf]
Red Alarm for Pre-trained Models: Universal Vulnerabilities by Neuron-Level Backdoor Attacks. [pdf] [code]
Provable Defense against Backdoor Policies in Reinforcement Learning. [pdf] [code]
MARNet: Backdoor Attacks against Cooperative Multi-Agent Reinforcement Learning. [link]
BACKDOORL: Backdoor Attack against Competitive Reinforcement Learning. [pdf]
Stop-and-Go: Exploring Backdoor Attacks on Deep Reinforcement Learning-based Traffic Congestion Control Systems. [pdf]
Agent Manipulator: Stealthy Strategy Attacks on Deep Reinforcement Learning. [link]
TrojDRL: Evaluation of Backdoor Attacks on Deep Reinforcement Learning. [pdf] [code]
Poisoning Deep Reinforcement Learning Agents with In-Distribution Triggers. [pdf]
A Temporal-Pattern Backdoor Attack to Deep Reinforcement Learning. [pdf]
Backdoor Detection in Reinforcement Learning. [pdf]
Design of Intentional Backdoors in Sequential Models. [pdf]
Backdoor Attacks on Self-Supervised Learning. [pdf] [code]
Poisoning and Backdooring Contrastive Learning. [pdf]
BadEncoder: Backdoor Attacks to Pre-trained Encoders in Self-Supervised Learning. [pdf] [code]
DeHiB: Deep Hidden Backdoor Attack on Semi-supervised Learning via adversarial Perturbation. [pdf]
Deep Neural Backdoor in Semi-Supervised Learning: Threats and Countermeasures. [link]
Backdoor Attacks in the Supply Chain of Masked Image Modeling. [pdf]
Watermarking Pre-trained Encoders in Contrastive Learning. [pdf]
RIBAC: Towards Robust and Imperceptible Backdoor Attack against Compact DNN. [pdf] [code]
Qu-ANTI-zation: Exploiting Quantization Artifacts for Achieving Adversarial Outcomes. [pdf] [code]
Understanding the Threats of Trojaned Quantized Neural Network in Model Supply Chains. [pdf]
Quantization Backdoors to Deep Learning Models. [pdf]
Stealthy Backdoors as Compression Artifacts. [pdf]
BadPrompt: Backdoor Attacks on Continuous Prompts. [pdf] [code]
Moderate-fitting as a Natural Backdoor Defender for Pre-trained Language Models. [pdf] [code]
A Unified Evaluation of Textual Backdoor Learning: Frameworks and Benchmarks. [pdf] [code]
Spinning Language Models: Risks of Propaganda-as-a-Service and Countermeasures. [pdf] [code]
PICCOLO: Exposing Complex Backdoors in NLP Transformer Models. [pdf] [code]
Triggerless Backdoor Attack for NLP Tasks with Clean Labels. [pdf]
A Study of the Attention Abnormality in Trojaned BERTs. [pdf] [code]
The Triggers that Open the NLP Model Backdoors Are Hidden in the Adversarial Samples. [link]
BDDR: An Effective Defense Against Textual Backdoor Attacks. [pdf]
BadPre: Task-agnostic Backdoor Attacks to Pre-trained NLP Foundation Models. [pdf]
Exploring the Universal Vulnerability of Prompt-based Learning Paradigm. [pdf] [code]
Backdoor Pre-trained Models Can Transfer to All. [pdf]
BadNL: Backdoor Attacks against NLP Models with Semantic-preserving Improvements. [pdf] [arXiv-20]
Backdoor Attacks on Pre-trained Models by Layerwise Weight Poisoning. [pdf]
T-Miner: A Generative Approach to Defend Against Trojan Attacks on DNN-based Text Classification. [pdf]
RAP: Robustness-Aware Perturbations for Defending against Backdoor Attacks on NLP Models. [pdf] [code]
ONION: A Simple and Effective Defense Against Textual Backdoor Attacks. [pdf]
Mind the Style of Text! Adversarial and Backdoor Attacks Based on Text Style Transfer. [pdf] [code]
Rethinking Stealthiness of Backdoor Attack against NLP Models. [pdf] [code]
Turn the Combination Lock: Learnable Textual Backdoor Attacks via Word Substitution. [pdf]
Hidden Killer: Invisible Textual Backdoor Attacks with Syntactic Trigger. [pdf] [code]
Mitigating Data Poisoning in Text Classification with Differential Privacy. [pdf]
BFClass: A Backdoor-free Text Classification Framework. [pdf] [code]
Be Careful about Poisoned Word Embeddings: Exploring the Vulnerability of the Embedding Layers in NLP Models. [pdf] [code]
Neural Network Surgery: Injecting Data Patterns into Pre-trained Models with Minimal Instance-wise Side Effects. [pdf]
Text Backdoor Detection Using An Interpretable RNN Abstract Model. [link]
Textual Backdoor Attack for the Text Classification System. [pdf]
Weight Poisoning Attacks on Pre-trained Models. [pdf] [code]
Poison Attacks against Text Datasets with Conditional Adversarially Regularized Autoencoder. [pdf]
A Backdoor Attack Against LSTM-based Text Classification Systems. [pdf]
PerD: Perturbation Sensitivity-based Neural Trojan Detection Framework on NLP Applications. [pdf]
Kallima: A Clean-label Framework for Textual Backdoor Attacks. [pdf]
Textual Backdoor Attacks with Iterative Trigger Injection. [pdf] [code]
WeDef: Weakly Supervised Backdoor Defense for Text Classification. [pdf]
Constrained Optimization with Dynamic Bound-scaling for Effective NLP Backdoor Defense. [pdf]
Rethink Stealthy Backdoor Attacks in Natural Language Processing. [pdf]
Textual Backdoor Attacks Can Be More Harmful via Two Simple Tricks. [pdf]
Spinning Sequence-to-Sequence Models with Meta-Backdoors. [pdf]
Defending against Backdoor Attacks in Natural Language Generation. [pdf] [code]
Hidden Backdoors in Human-Centric Language Models. [pdf]
Detecting Universal Trigger’s Adversarial Attack with Honeypot. [pdf]
Mitigating Backdoor Attacks in LSTM-based Text Classification Systems by Backdoor Keyword Identification. [pdf]
Trojaning Language Models for Fun and Profit. [pdf]
Transferable Graph Backdoor Attack. [pdf]
More is Better (Mostly): On the Backdoor Attacks in Federated Graph Neural Networks. [pdf]
Backdoor Attacks to Graph Neural Networks. [pdf]
Defending Against Backdoor Attack on Graph Neural Network by Explainability. [pdf]
Link-Backdoor: Backdoor Attack on Link Prediction via Node Injection. [pdf] [code]
Neighboring Backdoor Attacks on Graph Convolutional Network. [pdf]
Dyn-Backdoor: Backdoor Attack on Dynamic Link Prediction. [pdf]
Explainability-based Backdoor Attacks Against Graph Neural Networks. [pdf]
A Backdoor Attack against 3D Point Cloud Classifiers. [pdf] [code]
PointBA: Towards Backdoor Attacks in 3D Point Cloud. [pdf]
Imperceptible and Robust Backdoor Attack in 3D Point Cloud. [pdf]
Detecting Backdoor Attacks Against Point Cloud Classifiers. [pdf]
Poisoning MorphNet for Clean-Label Backdoor Attack to Point Clouds. [pdf]
Backdoor Attack against Speaker Verification. [pdf] [code]
DriNet: Dynamic Backdoor Attack against Automatic Speech Recognization Models. [link]
Can You Hear It? Backdoor Attacks via Ultrasonic Triggers. [pdf] [code]
Going in Style: Audio Backdoors Through Stylistic Transformations. [pdf]
FIBA: Frequency-Injection based Backdoor Attack in Medical Image Analysis. [pdf]
Exploiting Missing Value Patterns for a Backdoor Attack on Machine Learning Models of Electronic Health Records: Development and Validation Study. [link]
Machine Learning with Electronic Health Records is vulnerable to Backdoor Trigger Attacks. [pdf]
Explainability Matters: Backdoor Attacks on Medical Imaging. [pdf]
TRAPDOOR: Repurposing Backdoors to Detect Dataset Bias in Machine Learning-based Genomic Analysis. [pdf]
VulnerGAN: A Backdoor Attack through Vulnerability Amplification against Machine Learning-based Network Intrusion Detection Systems. [link] [code]
Explanation-Guided Backdoor Poisoning Attacks Against Malware Classifiers. [pdf]
Backdoor Attack on Machine Learning Based Android Malware Detectors. [link]
Jigsaw Puzzle: Selective Backdoor Attack to Subvert Malware Classifiers. [pdf]
Few-Shot Backdoor Attacks on Visual Object Tracking. [pdf] [code]
Backdoor Attacks on Crowd Counting. [pdf]
Backdoor Attacks on the DNN Interpretation System. [pdf]
The Devil is in the GAN: Defending Deep Generative Models Against Backdoor Attacks. [pdf] [code] [demo]
Object-Oriented Backdoor Attack Against Image Captioning. [link]
When Does Backdoor Attack Succeed in Image Reconstruction? A Study of Heuristics vs. Bi-Level Solution. [link]
An Interpretive Perspective: Adversarial Trojaning Attack on Neural-Architecture-Search Enabled Edge AI Systems. [link]
A Triggerless Backdoor Attack and Defense Mechanism for Intelligent Task Offloading in Multi-UAV Systems. [link]
Multi-Target Invisibly Trojaned Networks for Visual Recognition and Detection. [pdf]
Hidden Backdoor Attack against Semantic Segmentation Models. [pdf]
Adversarial Targeted Forgetting in Regularization and Generative Based Continual Learning Models. [link]
Targeted Forgetting and False Memory Formation in Continual Learners through Adversarial Backdoor Attacks. [pdf]
Trojan Attacks on Wireless Signal Classification with Adversarial Machine Learning. [pdf]
BadHash: Invisible Backdoor Attacks against Deep Hashing with Clean Label. [pdf]
A Temporal Chrominance Trigger for Clean-label Backdoor Attack against Anti-spoof Rebroadcast Detection. [pdf]
MACAB: Model-Agnostic Clean-Annotation Backdoor to Object Detection with Natural Trigger in Real-World. [pdf]
BadDet: Backdoor Attacks on Object Detection. [pdf]
Backdoor Attacks on Bayesian Neural Networks using Reverse Distribution. [pdf]
Backdooring Explainable Machine Learning. [pdf]
Clean-Annotation Backdoor Attack against Lane Detection Systems in the Wild. [pdf]
Dangerous Cloaking: Natural Trigger based Backdoor Attacks on Object Detectors in the Physical World. [pdf]
Targeted Trojan-Horse Attacks on Language-based Image Retrieval. [pdf]
Is Multi-Modal Necessarily Better? Robustness Evaluation of Multi-modal Fake News Detection. [pdf]
Dual-Key Multimodal Backdoors for Visual Question Answering. [pdf]
Clean-label Backdoor Attack against Deep Hashing based Retrieval. [pdf]
Backdoor Attacks on Network Certification via Data Poisoning. [pdf]
Backdoor Attack and Defense for Deep Regression. [pdf]
The Devil is in the GAN: Defending Deep Generative Models Against Backdoor Attacks. [pdf]
BAAAN: Backdoor Attacks Against Autoencoder and GAN-Based Machine Learning Models. [pdf]
DeepObliviate: A Powerful Charm for Erasing Data Residual Memory in Deep Neural Networks. [pdf]
Backdoors in Neural Models of Source Code. [pdf]
EEG-Based Brain-Computer Interfaces Are Vulnerable to Backdoor Attacks. [pdf]
Bias Busters: Robustifying DL-based Lithographic Hotspot Detectors Against Backdooring Attacks. [pdf]
TROJANZOO: Everything You Ever Wanted to Know about Neural Backdoors (But were Afraid to Ask). [pdf] [code]
BackdoorBench: A Comprehensive Benchmark of Backdoor Learning. [pdf] [code] [website]
A Unified Evaluation of Textual Backdoor Learning: Frameworks and Benchmarks. [pdf] [code]
Backdoor Defense via Decoupling the Training Process. [pdf] [code]
How to Inject Backdoors with Better Consistency: Logit Anchoring on Clean Data. [pdf]
Defending against Model Stealing via Verifying Embedded External Features. [pdf] [code]
Susceptibility & Defense of Satellite Image-trained Convolutional Networks to Backdoor Attacks. [link]
Data-Efficient Backdoor Attacks. [pdf] [code]
Excess Capacity and Backdoor Poisoning. [pdf]
Just How Toxic is Data Poisoning? A Unified Benchmark for Backdoor and Data Poisoning Attacks. [pdf] [code]
Rethinking the Backdoor Attacks' Triggers: A Frequency Perspective. [pdf]
Backdoor Attacks Against Deep Learning Systems in the Physical World. [pdf] [Master Thesis]
Can Optical Trojans Assist Adversarial Perturbations? [pdf]
On the Trade-off between Adversarial and Backdoor Robustness. [pdf]
A Tale of Evil Twins: Adversarial Inputs versus Poisoned Models. [pdf] [code]
Systematic Evaluation of Backdoor Data Poisoning Attacks on Image Classifiers. [pdf]
On Evaluating Neural Network Backdoor Defenses. [pdf]
Attention Hijacking in Trojan Transformers. [pdf]
Game of Trojans: A Submodular Byzantine Approach. [pdf]
Auditing Visualizations: Transparency Methods Struggle to Detect Anomalous Behavior. [pdf] [code]
Natural Backdoor Datasets. [pdf]
Can Backdoor Attacks Survive Time-Varying Models? [pdf]
Dynamic Backdoor Attacks with Global Average Pooling. [pdf] [code]
Planting Undetectable Backdoors in Machine Learning Models. [pdf]
Towards A Critical Evaluation of Robustness for Deep Learning Backdoor Countermeasures. [pdf]
Neural Network Trojans Analysis and Mitigation from the Input Domain. [pdf]
Widen The Backdoor To Let More Attackers In. [pdf]
Backdoor Learning Curves: Explaining Backdoor Poisoning Beyond Influence Functions. [pdf]
Rethinking the Trigger of Backdoor Attack. [pdf]
Poisoned Classifiers are Not Only Backdoored, They are Fundamentally Broken. [pdf] [code]
Effect of Backdoor Attacks over the Complexity of the Latent Space Distribution. [pdf] [code]
Trembling Triggers: Exploring the Sensitivity of Backdoors in DNN-based Face Recognition. [pdf]
Noise-response Analysis for Rapid Detection of Backdoors in Deep Neural Networks. [pdf]
Untargeted Backdoor Watermark: Towards Harmless and Stealthy Dataset Copyright Protection. [pdf] [code]
Membership Inference via Backdooring. [pdf] [code]
Neural Network Surgery: Injecting Data Patterns into Pre-trained Models with Minimal Instance-wise Side Effects. [pdf]
One Step Further: Evaluating Interpreters using Metamorphic Testing. [pdf]
What Do You See? Evaluation of Explainable Artificial Intelligence (XAI) Interpretability through Neural Backdoors. [pdf]
Using Honeypots to Catch Adversarial Attacks on Neural Networks. [pdf]
Turning Your Weakness into a Strength: Watermarking Deep Neural Networks by Backdooring. [pdf] [code]
Open-sourced Dataset Protection via Backdoor Watermarking. [pdf] [code]
Protecting Deep Cerebrospinal Fluid Cell Image Processing Models with Backdoor and Semi-Distillation. [link]
Debiasing Backdoor Attack: A Benign Application of Backdoor Attack in Eliminating Data Bias. [pdf]
Watermarking Graph Neural Networks based on Backdoor Attacks. [pdf]
CoProtector: Protect Open-Source Code against Unauthorized Training Usage with Data Poisoning. [pdf]
What Do Deep Nets Learn? Class-wise Patterns Revealed in the Input Space. [pdf]
A Stealthy and Robust Fingerprinting Scheme for Generative Models. [pdf]
Towards Probabilistic Verification of Machine Unlearning. [pdf] [code]