|国家预印本平台
首页|Poison in the Well: Feature Embedding Disruption in Backdoor Attacks

Poison in the Well: Feature Embedding Disruption in Backdoor Attacks

Poison in the Well: Feature Embedding Disruption in Backdoor Attacks

来源:Arxiv_logoArxiv
英文摘要

Backdoor attacks embed malicious triggers into training data, enabling attackers to manipulate neural network behavior during inference while maintaining high accuracy on benign inputs. However, existing backdoor attacks face limitations manifesting in excessive reliance on training data, poor stealth, and instability, which hinder their effectiveness in real-world applications. Therefore, this paper introduces ShadowPrint, a versatile backdoor attack that targets feature embeddings within neural networks to achieve high ASRs and stealthiness. Unlike traditional approaches, ShadowPrint reduces reliance on training data access and operates effectively with exceedingly low poison rates (as low as 0.01%). It leverages a clustering-based optimization strategy to align feature embeddings, ensuring robust performance across diverse scenarios while maintaining stability and stealth. Extensive evaluations demonstrate that ShadowPrint achieves superior ASR (up to 100%), steady CA (with decay no more than 1% in most cases), and low DDR (averaging below 5%) across both clean-label and dirty-label settings, and with poison rates ranging from as low as 0.01% to 0.05%, setting a new standard for backdoor attack capabilities and emphasizing the need for advanced defense strategies focused on feature space manipulations.

Yuwen Pu、Qingming Li、Shouling Ji、Zhou Feng、Jiahao Chen、Chunyi Zhou

计算技术、计算机技术

Yuwen Pu,Qingming Li,Shouling Ji,Zhou Feng,Jiahao Chen,Chunyi Zhou.Poison in the Well: Feature Embedding Disruption in Backdoor Attacks[EB/OL].(2025-05-26)[2025-07-02].https://arxiv.org/abs/2505.19821.点此复制

评论