基于稀疏诱导的抗剪枝后门攻击

Backdoor attacks pose a significant threat to deep neural networks, as they are introduced during the training phase. By embedding specific trigger patterns into the model, these attacks cause misclassification when presented with certain inputs. This vulnerability can have serious real-world consequences, particularly in safety-critical applications like autonomous driving. Model pruning is a widely used technique for reducing the scale of network parameters, making it feasible to deploy models on low-resource devices. Notably, after pruning, the effectiveness of backdoor attacks is often significantly weakened or even completely nullified.To address the vulnerability defects caused by the model pruning process of existing backdoor attacks, we further propose a new anti-pruning backdoor attack based on sparse induction, where an adversary trains the backdoored model and simultaneously considers the impact of the pruning operation. By introducing structured constraint terms into the standard backdoor loss functions, we enable the model to exhibit a sparse structure similar to that after pruning. This approach ensures that the produced backdoored model retains strong attack capability even after being pruned.We focus on three backdoor injection methods and three pruning strategies, and evaluates the anti-pruning backdoor attack method in two datasets and three model architectures. The results show that, compared to existing backdoor attacks, the anti-pruning backdoor attack achieves an attack success rate of up to 97.82% after pruning while maintaining prediction accuracy on clean inputs.