Narcissus: A Practical Clean-Label Backdoor Attack with Limited Information

Zeng, Yi; Pan, Minzhou; Just, Hoang Anh; Lyu, Lingjuan; Qiu, Meikang; Jia, Ruoxi

doi:10.1145/3576915.3616617

articleNov 15, 2023GOLD OA

Narcissus: A Practical Clean-Label Backdoor Attack with Limited Information

YZYi Zeng MPMinzhou Pan HAHoang Anh Just LLLingjuan Lyu MQMeikang Qiu

Virginia Tech · Sony Computer Science Laboratories · +1 more institution

Indexed incrossref

Abstract

Backdoor attacks introduce manipulated data into a machine learning model's training set, causing the model to misclassify inputs with a trigger during testing to achieve a desired outcome by the attacker. For backdoor attacks to bypass human inspection, it is essential that the injected data appear to be correctly labeled. The attacks with such property are often referred to as "clean-label attacks." The success of current clean-label backdoor methods largely depends on access to the complete training set. Yet, accessing the complete dataset is often challenging or unfeasible since it frequently comes from varied, independent sources, like images from distinct users. It remains a question of whether backdoor…

Citation impact

174

total citations

FWCI: 28.36
Percentile: 100%
References: 23

Citations per year

Authors

6

Topics & keywords

Topics

Keywords

Backdoor
Computer science
Set (abstract data type)
Computer security
Training set
Property (philosophy)
Artificial intelligence

No related works found for this paper.

Funding

NS
National Science Foundation
Awards: IIS-2312794, OAC-2239622