| 摘 要: 针对现有后门攻击因忽略图像纹理差异导致隐蔽性不足及损害模型良性准确率的问题,提出一种基于纹理复杂度感知的自适应稀疏隐蔽攻击方法。该方法利用拉普拉斯算子量化纹理复杂度,并通过自适应稀疏度调度机制,根据训练批次的纹理分布动态调整像素预算,引导触发器优先植入高频纹理区域。CIFAR-10和VGGFace2数据集上的实验表明,该方法在保持高攻击成功率(>95%)和极高视觉隐蔽性(SSIM>0.99)的同时,在更少的像素预算下显著提升了模型良性准确率。研究证实该方法能有效抵抗Fine-Pruning等主流防御技术,实现了隐蔽性与攻击性能的优化平衡。 |
| 关键词: 后门攻击 数据投毒 图像分类 深度学习 人工智能安全 |
|
中图分类号:
文献标识码:
|
| 基金项目: 江苏省重点研发计划(BE2022065-5),江苏省网络与信息安全重点实验室项目(BM2003201) |
|
| Adaptive Sparse Covert Backdoor Attack Based on Texture Complexity |
|
Rui Ziqi, Chen Wei, Zhang Yiting
|
Nanjing University of Posts and Telecommunications
|
| Abstract: Addressing the limitations of existing backdoor attacks, which suffer from insufficient stealthiness and compromised model accuracy due to neglecting image texture differences, this paper proposes an adaptive sparse stealth attack method based on texture complexity awareness. This method utilizes the Laplacian operator to quantify texture complexity and employs an adaptive sparsity scheduling mechanism to dynamically adjust the pixel budget based on the texture distribution of training batches, guiding the trigger to be preferentially embedded in high-frequency texture regions. Experiments on the CIFAR-10 and VGGFace2 datasets demonstrate that this method significantly improves the model"s benign accuracy with fewer pixel budgets while maintaining a high attack success rate (>95%) and extremely high visual stealthiness (SSIM>0.99). The research confirms that this method can effectively resist mainstream defense techniques such as Fine-Pruning, achieving an optimized balance between stealthiness and attack performance. |
| Keywords: Backdoor attack Data poisoning Image classification Deep learning Artificial Intelligence security |
