Backdoor attacks against deep image compression via adaptive frequency trigger

Recent deep-learning-based compression methods have achieved superior performance compared with traditional approaches. However, deep learning models have proven to be vulnerable to backdoor attacks, where some specific trigger patterns added to the input can lead to malicious behavior of the models...

全面介紹

Saved in:
書目詳細資料
Main Authors: Yu, Yi, Wang, Yufei, Yang, Wenhan, Lu, Shijian, Tan, Yap Peng, Kot, Alex Chichung
其他作者: Interdisciplinary Graduate School (IGS)
格式: Conference or Workshop Item
語言:English
出版: 2023
主題:
在線閱讀:https://hdl.handle.net/10356/168045
https://cvpr2023.thecvf.com/Conferences/2023
標簽: 添加標簽
沒有標簽, 成為第一個標記此記錄!
id sg-ntu-dr.10356-168045
record_format dspace
spelling sg-ntu-dr.10356-1680452023-08-29T00:54:03Z Backdoor attacks against deep image compression via adaptive frequency trigger Yu, Yi Wang, Yufei Yang, Wenhan Lu, Shijian Tan, Yap Peng Kot, Alex Chichung Interdisciplinary Graduate School (IGS) IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR 2023) Rapid-Rich Object Search (ROSE) Lab Engineering::Computer science and engineering Image Compression Signal Processing Recent deep-learning-based compression methods have achieved superior performance compared with traditional approaches. However, deep learning models have proven to be vulnerable to backdoor attacks, where some specific trigger patterns added to the input can lead to malicious behavior of the models. In this paper, we present a novel backdoor attack with multiple triggers against learned image compression models. Motivated by the widely used discrete cosine transform (DCT) in existing compression systems and standards, we propose a frequency-based trigger injection model that adds triggers in the DCT domain. In particular, we design several attack objectives for various attacking scenarios, including: 1) attacking compression quality in terms of bit-rate and reconstruction quality; 2) attacking task-driven measures, such as down-stream face recognition and semantic segmentation. Moreover, a novel simple dynamic loss is designed to balance the influence of different loss terms adaptively, which helps achieve more efficient training. Extensive experiments show that with our trained trigger injection models and simple modification of encoder parameters (of the compression model), the proposed attack can successfully inject several backdoors with corresponding triggers in a single image compression model. Nanyang Technological University Submitted/Accepted version This work was done at Rapid-Rich Object Search (ROSE) Lab, Nanyang Technological University. This research is supported in part by the NTU- PKU Joint Research Institute (a collaboration between the Nanyang Technological University and Peking University that is sponsored by a donation from the Ng Teng Fong Charitable Foundation). This research work is also partially supported by the Basic and Frontier Research Project of PCL and the Major Key Project of PCL. 2023-08-22T08:48:33Z 2023-08-22T08:48:33Z 2023 Conference Paper Yu, Y., Wang, Y., Yang, W., Lu, S., Tan, Y. P. & Kot, A. C. (2023). Backdoor attacks against deep image compression via adaptive frequency trigger. IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR 2023). https://dx.doi.org/10.1109/CVPR52729.2023.01179 https://hdl.handle.net/10356/168045 10.1109/CVPR52729.2023.01179 https://cvpr2023.thecvf.com/Conferences/2023 en © 2023 The Author(s). Published by Computer Vision Foundation. This is an open-access article distributed under the terms of the Creative Commons Attribution License. The final published version of the proceedings is available on IEEE Xplore. application/pdf
institution Nanyang Technological University
building NTU Library
continent Asia
country Singapore
Singapore
content_provider NTU Library
collection DR-NTU
language English
topic Engineering::Computer science and engineering
Image Compression
Signal Processing
spellingShingle Engineering::Computer science and engineering
Image Compression
Signal Processing
Yu, Yi
Wang, Yufei
Yang, Wenhan
Lu, Shijian
Tan, Yap Peng
Kot, Alex Chichung
Backdoor attacks against deep image compression via adaptive frequency trigger
description Recent deep-learning-based compression methods have achieved superior performance compared with traditional approaches. However, deep learning models have proven to be vulnerable to backdoor attacks, where some specific trigger patterns added to the input can lead to malicious behavior of the models. In this paper, we present a novel backdoor attack with multiple triggers against learned image compression models. Motivated by the widely used discrete cosine transform (DCT) in existing compression systems and standards, we propose a frequency-based trigger injection model that adds triggers in the DCT domain. In particular, we design several attack objectives for various attacking scenarios, including: 1) attacking compression quality in terms of bit-rate and reconstruction quality; 2) attacking task-driven measures, such as down-stream face recognition and semantic segmentation. Moreover, a novel simple dynamic loss is designed to balance the influence of different loss terms adaptively, which helps achieve more efficient training. Extensive experiments show that with our trained trigger injection models and simple modification of encoder parameters (of the compression model), the proposed attack can successfully inject several backdoors with corresponding triggers in a single image compression model.
author2 Interdisciplinary Graduate School (IGS)
author_facet Interdisciplinary Graduate School (IGS)
Yu, Yi
Wang, Yufei
Yang, Wenhan
Lu, Shijian
Tan, Yap Peng
Kot, Alex Chichung
format Conference or Workshop Item
author Yu, Yi
Wang, Yufei
Yang, Wenhan
Lu, Shijian
Tan, Yap Peng
Kot, Alex Chichung
author_sort Yu, Yi
title Backdoor attacks against deep image compression via adaptive frequency trigger
title_short Backdoor attacks against deep image compression via adaptive frequency trigger
title_full Backdoor attacks against deep image compression via adaptive frequency trigger
title_fullStr Backdoor attacks against deep image compression via adaptive frequency trigger
title_full_unstemmed Backdoor attacks against deep image compression via adaptive frequency trigger
title_sort backdoor attacks against deep image compression via adaptive frequency trigger
publishDate 2023
url https://hdl.handle.net/10356/168045
https://cvpr2023.thecvf.com/Conferences/2023
_version_ 1779156412243378176