Enhancing Clean Label Backdoor Attack with Two-phase Specific Triggers Article Swipe
Nan Luo
,
Yuanzhang Li
,
Yajie Wang
,
Shangbo Wu
,
Yu‐an Tan
,
Quanxin Zhang
·
YOU?
·
· 2022
· Open Access
·
· DOI: https://doi.org/10.48550/arxiv.2206.04881
YOU?
·
· 2022
· Open Access
·
· DOI: https://doi.org/10.48550/arxiv.2206.04881
Backdoor attacks threaten Deep Neural Networks (DNNs). Towards stealthiness, researchers propose clean-label backdoor attacks, which require the adversaries not to alter the labels of the poisoned training datasets. Clean-label settings make the attack more stealthy due to the correct image-label pairs, but some problems still exist: first, traditional methods for poisoning training data are ineffective; second, traditional triggers are not stealthy which are still perceptible. To solve these problems, we propose a two-phase and image-specific triggers generation method to enhance clean-label backdoor attacks. Our methods are (1) powerful: our triggers can both promote the two phases (i.e., the backdoor implantation and activation phase) in backdoor attacks simultaneously; (2) stealthy: our triggers are generated from each image. They are image-specific instead of fixed triggers. Extensive experiments demonstrate that our approach can achieve a fantastic attack success rate~(98.98%) with low poisoning rate~(5%), high stealthiness under many evaluation metrics and is resistant to backdoor defense methods.
Related Topics
Concepts
Metadata
- Type
- preprint
- Language
- en
- Landing Page
- http://arxiv.org/abs/2206.04881
- https://arxiv.org/pdf/2206.04881
- OA Status
- green
- Cited By
- 5
- Related Works
- 10
- OpenAlex ID
- https://openalex.org/W4282813371
All OpenAlex metadata
Raw OpenAlex JSON
- OpenAlex ID
-
https://openalex.org/W4282813371Canonical identifier for this work in OpenAlex
- DOI
-
https://doi.org/10.48550/arxiv.2206.04881Digital Object Identifier
- Title
-
Enhancing Clean Label Backdoor Attack with Two-phase Specific TriggersWork title
- Type
-
preprintOpenAlex work type
- Language
-
enPrimary language
- Publication year
-
2022Year of publication
- Publication date
-
2022-06-10Full publication date if available
- Authors
-
Nan Luo, Yuanzhang Li, Yajie Wang, Shangbo Wu, Yu‐an Tan, Quanxin ZhangList of authors in order
- Landing page
-
https://arxiv.org/abs/2206.04881Publisher landing page
- PDF URL
-
https://arxiv.org/pdf/2206.04881Direct link to full text PDF
- Open access
-
YesWhether a free full text is available
- OA status
-
greenOpen access status per OpenAlex
- OA URL
-
https://arxiv.org/pdf/2206.04881Direct OA link when available
- Concepts
-
Backdoor, Computer science, Computer security, Image (mathematics), Phase (matter), Artificial intelligence, Physics, Quantum mechanicsTop concepts (fields/topics) attached by OpenAlex
- Cited by
-
5Total citation count in OpenAlex
- Citations by year (recent)
-
2024: 3, 2023: 2Per-year citation counts (last 5 years)
- Related works (count)
-
10Other works algorithmically related by OpenAlex
Full payload
| id | https://openalex.org/W4282813371 |
|---|---|
| doi | https://doi.org/10.48550/arxiv.2206.04881 |
| ids.doi | https://doi.org/10.48550/arxiv.2206.04881 |
| ids.openalex | https://openalex.org/W4282813371 |
| fwci | |
| type | preprint |
| title | Enhancing Clean Label Backdoor Attack with Two-phase Specific Triggers |
| biblio.issue | |
| biblio.volume | |
| biblio.last_page | |
| biblio.first_page | |
| topics[0].id | https://openalex.org/T11689 |
| topics[0].field.id | https://openalex.org/fields/17 |
| topics[0].field.display_name | Computer Science |
| topics[0].score | 0.9998000264167786 |
| topics[0].domain.id | https://openalex.org/domains/3 |
| topics[0].domain.display_name | Physical Sciences |
| topics[0].subfield.id | https://openalex.org/subfields/1702 |
| topics[0].subfield.display_name | Artificial Intelligence |
| topics[0].display_name | Adversarial Robustness in Machine Learning |
| topics[1].id | https://openalex.org/T11512 |
| topics[1].field.id | https://openalex.org/fields/17 |
| topics[1].field.display_name | Computer Science |
| topics[1].score | 0.9815999865531921 |
| topics[1].domain.id | https://openalex.org/domains/3 |
| topics[1].domain.display_name | Physical Sciences |
| topics[1].subfield.id | https://openalex.org/subfields/1702 |
| topics[1].subfield.display_name | Artificial Intelligence |
| topics[1].display_name | Anomaly Detection Techniques and Applications |
| topics[2].id | https://openalex.org/T10036 |
| topics[2].field.id | https://openalex.org/fields/17 |
| topics[2].field.display_name | Computer Science |
| topics[2].score | 0.9722999930381775 |
| topics[2].domain.id | https://openalex.org/domains/3 |
| topics[2].domain.display_name | Physical Sciences |
| topics[2].subfield.id | https://openalex.org/subfields/1707 |
| topics[2].subfield.display_name | Computer Vision and Pattern Recognition |
| topics[2].display_name | Advanced Neural Network Applications |
| is_xpac | False |
| apc_list | |
| apc_paid | |
| concepts[0].id | https://openalex.org/C2781045450 |
| concepts[0].level | 2 |
| concepts[0].score | 0.9993759393692017 |
| concepts[0].wikidata | https://www.wikidata.org/wiki/Q254569 |
| concepts[0].display_name | Backdoor |
| concepts[1].id | https://openalex.org/C41008148 |
| concepts[1].level | 0 |
| concepts[1].score | 0.5978050827980042 |
| concepts[1].wikidata | https://www.wikidata.org/wiki/Q21198 |
| concepts[1].display_name | Computer science |
| concepts[2].id | https://openalex.org/C38652104 |
| concepts[2].level | 1 |
| concepts[2].score | 0.5734850168228149 |
| concepts[2].wikidata | https://www.wikidata.org/wiki/Q3510521 |
| concepts[2].display_name | Computer security |
| concepts[3].id | https://openalex.org/C115961682 |
| concepts[3].level | 2 |
| concepts[3].score | 0.5445570945739746 |
| concepts[3].wikidata | https://www.wikidata.org/wiki/Q860623 |
| concepts[3].display_name | Image (mathematics) |
| concepts[4].id | https://openalex.org/C44280652 |
| concepts[4].level | 2 |
| concepts[4].score | 0.4147685170173645 |
| concepts[4].wikidata | https://www.wikidata.org/wiki/Q104837 |
| concepts[4].display_name | Phase (matter) |
| concepts[5].id | https://openalex.org/C154945302 |
| concepts[5].level | 1 |
| concepts[5].score | 0.31894177198410034 |
| concepts[5].wikidata | https://www.wikidata.org/wiki/Q11660 |
| concepts[5].display_name | Artificial intelligence |
| concepts[6].id | https://openalex.org/C121332964 |
| concepts[6].level | 0 |
| concepts[6].score | 0.11376067996025085 |
| concepts[6].wikidata | https://www.wikidata.org/wiki/Q413 |
| concepts[6].display_name | Physics |
| concepts[7].id | https://openalex.org/C62520636 |
| concepts[7].level | 1 |
| concepts[7].score | 0.0 |
| concepts[7].wikidata | https://www.wikidata.org/wiki/Q944 |
| concepts[7].display_name | Quantum mechanics |
| keywords[0].id | https://openalex.org/keywords/backdoor |
| keywords[0].score | 0.9993759393692017 |
| keywords[0].display_name | Backdoor |
| keywords[1].id | https://openalex.org/keywords/computer-science |
| keywords[1].score | 0.5978050827980042 |
| keywords[1].display_name | Computer science |
| keywords[2].id | https://openalex.org/keywords/computer-security |
| keywords[2].score | 0.5734850168228149 |
| keywords[2].display_name | Computer security |
| keywords[3].id | https://openalex.org/keywords/image |
| keywords[3].score | 0.5445570945739746 |
| keywords[3].display_name | Image (mathematics) |
| keywords[4].id | https://openalex.org/keywords/phase |
| keywords[4].score | 0.4147685170173645 |
| keywords[4].display_name | Phase (matter) |
| keywords[5].id | https://openalex.org/keywords/artificial-intelligence |
| keywords[5].score | 0.31894177198410034 |
| keywords[5].display_name | Artificial intelligence |
| keywords[6].id | https://openalex.org/keywords/physics |
| keywords[6].score | 0.11376067996025085 |
| keywords[6].display_name | Physics |
| language | en |
| locations[0].id | pmh:oai:arXiv.org:2206.04881 |
| locations[0].is_oa | True |
| locations[0].source.id | https://openalex.org/S4306400194 |
| locations[0].source.issn | |
| locations[0].source.type | repository |
| locations[0].source.is_oa | True |
| locations[0].source.issn_l | |
| locations[0].source.is_core | False |
| locations[0].source.is_in_doaj | False |
| locations[0].source.display_name | arXiv (Cornell University) |
| locations[0].source.host_organization | https://openalex.org/I205783295 |
| locations[0].source.host_organization_name | Cornell University |
| locations[0].source.host_organization_lineage | https://openalex.org/I205783295 |
| locations[0].license | |
| locations[0].pdf_url | https://arxiv.org/pdf/2206.04881 |
| locations[0].version | submittedVersion |
| locations[0].raw_type | |
| locations[0].license_id | |
| locations[0].is_accepted | False |
| locations[0].is_published | False |
| locations[0].raw_source_name | |
| locations[0].landing_page_url | http://arxiv.org/abs/2206.04881 |
| locations[1].id | doi:10.48550/arxiv.2206.04881 |
| locations[1].is_oa | True |
| locations[1].source.id | https://openalex.org/S4306400194 |
| locations[1].source.issn | |
| locations[1].source.type | repository |
| locations[1].source.is_oa | True |
| locations[1].source.issn_l | |
| locations[1].source.is_core | False |
| locations[1].source.is_in_doaj | False |
| locations[1].source.display_name | arXiv (Cornell University) |
| locations[1].source.host_organization | https://openalex.org/I205783295 |
| locations[1].source.host_organization_name | Cornell University |
| locations[1].source.host_organization_lineage | https://openalex.org/I205783295 |
| locations[1].license | |
| locations[1].pdf_url | |
| locations[1].version | |
| locations[1].raw_type | article |
| locations[1].license_id | |
| locations[1].is_accepted | False |
| locations[1].is_published | |
| locations[1].raw_source_name | |
| locations[1].landing_page_url | https://doi.org/10.48550/arxiv.2206.04881 |
| indexed_in | arxiv, datacite |
| authorships[0].author.id | https://openalex.org/A5064398143 |
| authorships[0].author.orcid | https://orcid.org/0000-0001-7980-6979 |
| authorships[0].author.display_name | Nan Luo |
| authorships[0].author_position | first |
| authorships[0].raw_author_name | Luo, Nan |
| authorships[0].is_corresponding | False |
| authorships[1].author.id | https://openalex.org/A5026287089 |
| authorships[1].author.orcid | https://orcid.org/0000-0002-1931-366X |
| authorships[1].author.display_name | Yuanzhang Li |
| authorships[1].author_position | middle |
| authorships[1].raw_author_name | Li, Yuanzhang |
| authorships[1].is_corresponding | False |
| authorships[2].author.id | https://openalex.org/A5100455413 |
| authorships[2].author.orcid | https://orcid.org/0000-0002-0962-4464 |
| authorships[2].author.display_name | Yajie Wang |
| authorships[2].author_position | middle |
| authorships[2].raw_author_name | Wang, Yajie |
| authorships[2].is_corresponding | False |
| authorships[3].author.id | https://openalex.org/A5090304311 |
| authorships[3].author.orcid | https://orcid.org/0000-0002-0737-7420 |
| authorships[3].author.display_name | Shangbo Wu |
| authorships[3].author_position | middle |
| authorships[3].raw_author_name | Wu, Shangbo |
| authorships[3].is_corresponding | False |
| authorships[4].author.id | https://openalex.org/A5003198271 |
| authorships[4].author.orcid | https://orcid.org/0000-0001-6404-8853 |
| authorships[4].author.display_name | Yu‐an Tan |
| authorships[4].author_position | middle |
| authorships[4].raw_author_name | Tan, Yu-an |
| authorships[4].is_corresponding | False |
| authorships[5].author.id | https://openalex.org/A5017675981 |
| authorships[5].author.orcid | https://orcid.org/0000-0002-5094-7388 |
| authorships[5].author.display_name | Quanxin Zhang |
| authorships[5].author_position | last |
| authorships[5].raw_author_name | Zhang, Quanxin |
| authorships[5].is_corresponding | False |
| has_content.pdf | False |
| has_content.grobid_xml | False |
| is_paratext | False |
| open_access.is_oa | True |
| open_access.oa_url | https://arxiv.org/pdf/2206.04881 |
| open_access.oa_status | green |
| open_access.any_repository_has_fulltext | False |
| created_date | 2025-10-10T00:00:00 |
| display_name | Enhancing Clean Label Backdoor Attack with Two-phase Specific Triggers |
| has_fulltext | False |
| is_retracted | False |
| updated_date | 2025-11-06T06:51:31.235846 |
| primary_topic.id | https://openalex.org/T11689 |
| primary_topic.field.id | https://openalex.org/fields/17 |
| primary_topic.field.display_name | Computer Science |
| primary_topic.score | 0.9998000264167786 |
| primary_topic.domain.id | https://openalex.org/domains/3 |
| primary_topic.domain.display_name | Physical Sciences |
| primary_topic.subfield.id | https://openalex.org/subfields/1702 |
| primary_topic.subfield.display_name | Artificial Intelligence |
| primary_topic.display_name | Adversarial Robustness in Machine Learning |
| related_works | https://openalex.org/W4320031223, https://openalex.org/W4200629851, https://openalex.org/W4281902577, https://openalex.org/W4309417370, https://openalex.org/W4292107232, https://openalex.org/W3009072493, https://openalex.org/W4386080799, https://openalex.org/W3140988292, https://openalex.org/W4317672133, https://openalex.org/W4386185023 |
| cited_by_count | 5 |
| counts_by_year[0].year | 2024 |
| counts_by_year[0].cited_by_count | 3 |
| counts_by_year[1].year | 2023 |
| counts_by_year[1].cited_by_count | 2 |
| locations_count | 2 |
| best_oa_location.id | pmh:oai:arXiv.org:2206.04881 |
| best_oa_location.is_oa | True |
| best_oa_location.source.id | https://openalex.org/S4306400194 |
| best_oa_location.source.issn | |
| best_oa_location.source.type | repository |
| best_oa_location.source.is_oa | True |
| best_oa_location.source.issn_l | |
| best_oa_location.source.is_core | False |
| best_oa_location.source.is_in_doaj | False |
| best_oa_location.source.display_name | arXiv (Cornell University) |
| best_oa_location.source.host_organization | https://openalex.org/I205783295 |
| best_oa_location.source.host_organization_name | Cornell University |
| best_oa_location.source.host_organization_lineage | https://openalex.org/I205783295 |
| best_oa_location.license | |
| best_oa_location.pdf_url | https://arxiv.org/pdf/2206.04881 |
| best_oa_location.version | submittedVersion |
| best_oa_location.raw_type | |
| best_oa_location.license_id | |
| best_oa_location.is_accepted | False |
| best_oa_location.is_published | False |
| best_oa_location.raw_source_name | |
| best_oa_location.landing_page_url | http://arxiv.org/abs/2206.04881 |
| primary_location.id | pmh:oai:arXiv.org:2206.04881 |
| primary_location.is_oa | True |
| primary_location.source.id | https://openalex.org/S4306400194 |
| primary_location.source.issn | |
| primary_location.source.type | repository |
| primary_location.source.is_oa | True |
| primary_location.source.issn_l | |
| primary_location.source.is_core | False |
| primary_location.source.is_in_doaj | False |
| primary_location.source.display_name | arXiv (Cornell University) |
| primary_location.source.host_organization | https://openalex.org/I205783295 |
| primary_location.source.host_organization_name | Cornell University |
| primary_location.source.host_organization_lineage | https://openalex.org/I205783295 |
| primary_location.license | |
| primary_location.pdf_url | https://arxiv.org/pdf/2206.04881 |
| primary_location.version | submittedVersion |
| primary_location.raw_type | |
| primary_location.license_id | |
| primary_location.is_accepted | False |
| primary_location.is_published | False |
| primary_location.raw_source_name | |
| primary_location.landing_page_url | http://arxiv.org/abs/2206.04881 |
| publication_date | 2022-06-10 |
| publication_year | 2022 |
| referenced_works_count | 0 |
| abstract_inverted_index.a | 71, 131 |
| abstract_inverted_index.To | 65 |
| abstract_inverted_index.in | 103 |
| abstract_inverted_index.is | 147 |
| abstract_inverted_index.of | 23, 120 |
| abstract_inverted_index.to | 19, 36, 78, 149 |
| abstract_inverted_index.we | 69 |
| abstract_inverted_index.(1) | 86 |
| abstract_inverted_index.(2) | 107 |
| abstract_inverted_index.Our | 83 |
| abstract_inverted_index.and | 73, 100, 146 |
| abstract_inverted_index.are | 53, 58, 62, 85, 111, 117 |
| abstract_inverted_index.but | 41 |
| abstract_inverted_index.can | 90, 129 |
| abstract_inverted_index.due | 35 |
| abstract_inverted_index.for | 49 |
| abstract_inverted_index.low | 137 |
| abstract_inverted_index.not | 18, 59 |
| abstract_inverted_index.our | 88, 109, 127 |
| abstract_inverted_index.the | 16, 21, 24, 31, 37, 93, 97 |
| abstract_inverted_index.two | 94 |
| abstract_inverted_index.Deep | 3 |
| abstract_inverted_index.They | 116 |
| abstract_inverted_index.both | 91 |
| abstract_inverted_index.data | 52 |
| abstract_inverted_index.each | 114 |
| abstract_inverted_index.from | 113 |
| abstract_inverted_index.high | 140 |
| abstract_inverted_index.make | 30 |
| abstract_inverted_index.many | 143 |
| abstract_inverted_index.more | 33 |
| abstract_inverted_index.some | 42 |
| abstract_inverted_index.that | 126 |
| abstract_inverted_index.with | 136 |
| abstract_inverted_index.alter | 20 |
| abstract_inverted_index.fixed | 121 |
| abstract_inverted_index.solve | 66 |
| abstract_inverted_index.still | 44, 63 |
| abstract_inverted_index.these | 67 |
| abstract_inverted_index.under | 142 |
| abstract_inverted_index.which | 14, 61 |
| abstract_inverted_index.(i.e., | 96 |
| abstract_inverted_index.Neural | 4 |
| abstract_inverted_index.attack | 32, 133 |
| abstract_inverted_index.exist: | 45 |
| abstract_inverted_index.first, | 46 |
| abstract_inverted_index.image. | 115 |
| abstract_inverted_index.labels | 22 |
| abstract_inverted_index.method | 77 |
| abstract_inverted_index.pairs, | 40 |
| abstract_inverted_index.phase) | 102 |
| abstract_inverted_index.phases | 95 |
| abstract_inverted_index.(DNNs). | 6 |
| abstract_inverted_index.Towards | 7 |
| abstract_inverted_index.achieve | 130 |
| abstract_inverted_index.attacks | 1, 105 |
| abstract_inverted_index.correct | 38 |
| abstract_inverted_index.defense | 151 |
| abstract_inverted_index.enhance | 79 |
| abstract_inverted_index.instead | 119 |
| abstract_inverted_index.methods | 48, 84 |
| abstract_inverted_index.metrics | 145 |
| abstract_inverted_index.promote | 92 |
| abstract_inverted_index.propose | 10, 70 |
| abstract_inverted_index.require | 15 |
| abstract_inverted_index.second, | 55 |
| abstract_inverted_index.success | 134 |
| abstract_inverted_index.Backdoor | 0 |
| abstract_inverted_index.Networks | 5 |
| abstract_inverted_index.approach | 128 |
| abstract_inverted_index.attacks, | 13 |
| abstract_inverted_index.attacks. | 82 |
| abstract_inverted_index.backdoor | 12, 81, 98, 104, 150 |
| abstract_inverted_index.methods. | 152 |
| abstract_inverted_index.poisoned | 25 |
| abstract_inverted_index.problems | 43 |
| abstract_inverted_index.settings | 29 |
| abstract_inverted_index.stealthy | 34, 60 |
| abstract_inverted_index.threaten | 2 |
| abstract_inverted_index.training | 26, 51 |
| abstract_inverted_index.triggers | 57, 75, 89, 110 |
| abstract_inverted_index.Extensive | 123 |
| abstract_inverted_index.datasets. | 27 |
| abstract_inverted_index.fantastic | 132 |
| abstract_inverted_index.generated | 112 |
| abstract_inverted_index.poisoning | 50, 138 |
| abstract_inverted_index.powerful: | 87 |
| abstract_inverted_index.problems, | 68 |
| abstract_inverted_index.resistant | 148 |
| abstract_inverted_index.stealthy: | 108 |
| abstract_inverted_index.triggers. | 122 |
| abstract_inverted_index.two-phase | 72 |
| abstract_inverted_index.activation | 101 |
| abstract_inverted_index.evaluation | 144 |
| abstract_inverted_index.generation | 76 |
| abstract_inverted_index.rate~(5%), | 139 |
| abstract_inverted_index.Clean-label | 28 |
| abstract_inverted_index.adversaries | 17 |
| abstract_inverted_index.clean-label | 11, 80 |
| abstract_inverted_index.demonstrate | 125 |
| abstract_inverted_index.experiments | 124 |
| abstract_inverted_index.image-label | 39 |
| abstract_inverted_index.researchers | 9 |
| abstract_inverted_index.traditional | 47, 56 |
| abstract_inverted_index.implantation | 99 |
| abstract_inverted_index.ineffective; | 54 |
| abstract_inverted_index.perceptible. | 64 |
| abstract_inverted_index.stealthiness | 141 |
| abstract_inverted_index.rate~(98.98%) | 135 |
| abstract_inverted_index.stealthiness, | 8 |
| abstract_inverted_index.image-specific | 74, 118 |
| abstract_inverted_index.simultaneously; | 106 |
| cited_by_percentile_year | |
| countries_distinct_count | 0 |
| institutions_distinct_count | 6 |
| citation_normalized_percentile |