Go to DBLP homepageSPSS: A Salience-based Poisoning Selection Strategy for Selecting Backdoor Attack Victims
Abstract: Recent research has shown that deep neural networks can be compromised through data-poisoning-based backdoor attacks, in which a small fraction of samples in the training dataset is maliciously modified following certain patterns for the purpose of influencing the behavior of the resultant model. Previous attack techniques generate these malicious samples by randomly picking clean data from the training dataset and incorporating a triggering mechanism. This paper introduces a Salience-based Poisoning Selection Strategy (SPSS) that significantly improves attack effectiveness by selecting diverse samples with salient features as victims for poisoning. Rigorous experimental testing on CIFAR-10, CIFAR-100 and ImageNet10 reveals that SPSS significantly improves the attacking effectiveness. Under SPSS selection, the number of poisoned images needed to achieve a certain attack success rate can be minimized by 38.44% of that under random selection approach. Our method is also more computationally efficient compared with existing SOTA selection strategies in this field.
Loading