Abstract Deep learning (DL)-based object detection is a core technology that is widely applied in various industrial fields, including surveillance, autonomous driving, and others. However, it is well-known that DL-based systems are vulnerable to adversarial attacks. In particular, backdoor attacks are insidious methods that can covertly manipulate the normal operation of DL systems according to the attacker’s intentions. These attacks are conducted by stealthily inserting backdoor triggers into a subset of training data, thereby embedding a backdoor into the DL model trained on the poisoned dataset. As a result, the backdoored DL model behaves normally for clean inputs but misclassifies malicious inputs containing the trigger into a specific target class. According to our extensive survey on backdoor attacks, there has been limited research on backdoor attacks targeting DL-based object detection models, and no prior studies have explored the impact of the backdoor trigger’s position. Notably, existing methods overlook the significance of trigger placement, typically inserting triggers at arbitrarily fixed positions within the image. Motivated by this gap, our study presents a novel backdoor attack method that markedly improves the attack success rate by identifying the optimal trigger position. Specifically, we design and implement a Backdoor Trigger Position Search Algorithm (BTPSA) that targets DL-based object detection systems. Our experiments demonstrate that backdoor attacks using BTPSA substantially outperform existing methods that insert triggers at fixed or random positions, achieving up to 82.5% points improvement and 30.6% points improvement on average in attack success rate (ASR).
Jo et al. (Tue,) studied this question.
Synapse has enriched 5 closely related papers on similar clinical questions. Consider them for comparative context: