Graduate student: Li-Yu Hung (洪立宇)
Thesis title: Backdoor Attacks against Classification Models by Victim Data Selection
Advisors: Hahn-Ming Lee (李漢銘), Shin-Ming Cheng
Oral defense committee: Yuh-Jye Lee (李育杰), Shao-Jui Wang
Degree: Master's
Department: College of Electrical Engineering and Computer Science - Department of Computer Science and Information Engineering
Year of publication: 2023
Academic year of graduation: 111
Language: English
Number of pages: 44
Keywords: machine learning, backdoor attack, Victim Data Selection
With the advancement of artificial intelligence models, a series of backdoor attacks for different application domains have gradually been proposed. Current research on backdoor attacks mainly focuses on how attackers in different fields design effective triggers. However, in studies of backdoor attacks that poison the training set by embedding triggers in training samples, the commonly used method is to select the samples to poison at random. By choosing samples that are easier to infect, the success rate and stealthiness of backdoor attacks can be significantly improved. We propose a Target Algorithm, which is a strategy for choosing the samples in which to implant the trigger, and we demonstrate through experiments that, in the most favorable situations, this selection strategy can more than double the efficiency of backdoor attacks. Importantly, this method does not require additional optimization in the design of triggers.

Introduction; Background and Related Work; Method; Experimental Evaluation; Future Work; Conclusions

