As the battle against backdoor attacks and defenses in deep neural networks (DNNs) is becoming increasingly fierce, a large number of innovative backdoor attack and defense methods have emerged. The existing body of research concerning backdoor attacks and defenses within the field of computer vision (CV) is currently fragmented, and a unified framework for classification and evaluation has yet to be established. This paper systematically reviews backdoor attack and defense techniques in this field, categorizing attacks into two categories, Ag (Sample-agnostic Attack) and Sp (Sample-specific Attack), based primarily on trigger type. It also constructs a defense classification based on three distinct intervention phases. This review also outlines commonly used datasets and key evaluation metrics, aiming to provide a unified reference benchmark for the field. Through this review, beginners can have a preliminary understanding of backdoor attacks and defenses. What’s more, this review also hopes to provide researchers with a clear technical roadmap to promote the field from fragmented research to systematic breakthroughs.
Zhuanglin Chen (Mon,) studied this question.