On the Credibility of Backdoor Attacks Against Object Detectors in the Physical World

Détail du document
Identifiant

oai:arXiv.org:2408.12122

Sujet
Computer Science - Cryptography an...
Auteur
Doan, Bao Gia Nguyen, Dang Quang Lindquist, Callum Montague, Paul Abraham, Tamas De Vel, Olivier Camtepe, Seyit Kanhere, Salil S. Abbasnejad, Ehsan Ranasinghe, Damith C.
Catégorie

Computer Science

Année

2024

Date de référencement

06/11/2024

Mots clés
backdoors detection tasks attacks backdoor object
Métrique

Résumé

Object detectors are vulnerable to backdoor attacks.

In contrast to classifiers, detectors possess unique characteristics, architecturally and in task execution; often operating in challenging conditions, for instance, detecting traffic signs in autonomous cars.

But, our knowledge dominates attacks against classifiers and tests in the "digital domain".

To address this critical gap, we conducted an extensive empirical study targeting multiple detector architectures and two challenging detection tasks in real-world settings: traffic signs and vehicles.

Using the diverse, methodically collected videos captured from driving cars and flying drones, incorporating physical object trigger deployments in authentic scenes, we investigated the viability of physical object-triggered backdoor attacks in application settings.

Our findings revealed 8 key insights.

Importantly, the prevalent "digital" data poisoning method for injecting backdoors into models does not lead to effective attacks against detectors in the real world, although proven effective in classification tasks.

We construct a new, cost-efficient attack method, dubbed MORPHING, incorporating the unique nature of detection tasks; ours is remarkably successful in injecting physical object-triggered backdoors, even capable of poisoning triggers with clean label annotations or invisible triggers without diminishing the success of physical object triggered backdoors.

We discovered that the defenses curated are ill-equipped to safeguard detectors against such attacks.

To underscore the severity of the threat and foster further research, we, for the first time, release an extensive video test set of real-world backdoor attacks.

Our study not only establishes the credibility and seriousness of this threat but also serves as a clarion call to the research community to advance backdoor defenses in the context of object detection.

;Comment: Accepted to appear at the 40th Annual Computer Security Applications Conference (ACSAC 2024).

Code and dataset are available at https://backdoordetectors.github.io/

Doan, Bao Gia,Nguyen, Dang Quang,Lindquist, Callum,Montague, Paul,Abraham, Tamas,De Vel, Olivier,Camtepe, Seyit,Kanhere, Salil S.,Abbasnejad, Ehsan,Ranasinghe, Damith C., 2024, On the Credibility of Backdoor Attacks Against Object Detectors in the Physical World

Document

Ouvrir

Partager

Source

arXiv

Articles recommandés par ES/IODE IA

Computer Science
Tri-Clustering: A Multi-views Tri-level Information Fusion Context Clustering Framework for Localization and Classification in Mammography
 triple computer breast method
BMC Neuroscience
Machine learning and EEG can classify passive viewing of discrete categories of visual stimuli but not the observation of pain
 eeg classify neutral ml participants non-pain expressions images scenes pain
Medicine & Public Health
Gene expression profiles in clinically T1-2N0 ER+HER2− breast cancer patients treated with breast-conserving therapy: their added value in case sentinel lymph node biopsy is not performed
 breast cancer sentinel lymph node biopsy gene expression profile adjuvant chemotherapy gep treated status guideline-2020 outcome patients cancer chemotherapy breast predict