A Proxy Attack-Free Strategy for Practically Improving the Poisoning Efficiency in Backdoor Attacks
IEEE Transactions on Information Forensics and Security (IF 6.3), Pub Date: 2024-10-03, DOI: 10.1109/tifs.2024.3472510
Ziqiang Li, Hong Sun, Pengfei Xia, Beihao Xia, Xue Rui, Wei Zhang, Qinglang Guo, Zhangjie Fu, Bin Li
Poisoning efficiency is crucial in poisoning-based backdoor attacks, as attackers aim to minimize the number of poisoning samples while maximizing attack efficacy. Recent studies have sought to enhance poisoning efficiency by selecting effective samples. However, these studies typically rely on a proxy backdoor injection task to identify an efficient set of poisoning samples. This proxy attack-based approach can lead to performance degradation if the proxy attack settings differ from those of the actual victims, due to the shortcut nature of backdoor learning. Furthermore, proxy attack-based methods are extremely time-consuming, as they require numerous complete backdoor injection processes for sample selection. To address these concerns, we present a Proxy attack-Free Strategy (PFS) designed to identify efficient poisoning samples based on the similarity between clean samples and their corresponding poisoning samples, as well as the diversity of the poisoning set. The proposed PFS is motivated by the observation that selecting samples with high similarity between clean and corresponding poisoning samples results in significantly higher attack success rates compared to using samples with low similarity. Additionally, we provide theoretical foundations to explain the proposed PFS. We comprehensively evaluate the proposed strategy across various datasets, triggers, poisoning rates, architectures, and training hyperparameters. Our experimental results demonstrate that PFS enhances backdoor attack efficiency while also offering a remarkable speed advantage over previous proxy attack-based selection methodologies.
Updated: 2024-10-03