ESTAS: Effective and Stable Trojan Attacks in Self-supervised Encoders
with One Target Unlabelled Sample
- URL: http://arxiv.org/abs/2211.10908v1
- Date: Sun, 20 Nov 2022 08:58:34 GMT
- Authors: Jiaqi Xue, Qian Lou
- Abstract summary: ESTAS achieves > 99% attack success rate (ASR) with one target-class sample.
Compared to prior works, ESTAS attains > 30% ASR increase and > 8.3% accuracy improvement on average.
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Emerging self-supervised learning (SSL) has become a popular image
representation encoding method to obviate the reliance on labeled data and
learn rich representations from large-scale, ubiquitous unlabelled data. Then
one can train a downstream classifier on top of the pre-trained SSL image
encoder with few or no labeled downstream data. Although extensive works show
that SSL has achieved remarkable and competitive performance on different
downstream tasks, its security concerns, e.g., Trojan attacks in SSL encoders,
are still not well-studied. In this work, we present a novel Trojan Attack
method, denoted by ESTAS, that can enable an effective and stable attack in SSL
encoders with only one target unlabeled sample. In particular, we propose
consistent trigger poisoning and cascade optimization in ESTAS to improve
attack efficacy and model accuracy, and eliminate the expensive target-class
data sample extraction from large-scale disordered unlabelled data. Our
substantial experiments on multiple datasets show that ESTAS stably achieves >
99% attack success rate (ASR) with one target-class sample. Compared to prior
works, ESTAS attains > 30% ASR increase and > 8.3% accuracy improvement on
average.
Related papers
- Phantom: Untargeted Poisoning Attacks on Semi-Supervised Learning (Full Version) (2024-09-02T21:29:05Z)
  We introduce Phantom, the first untargeted poisoning attack in Semi-Supervised Learning (SSL).
  Our approach only requires adding few manipulated samples, such as posting images on social networks, without the need to control the victim.
  Our findings demonstrate the threat of poisoning user-generated content platforms, rendering them unsuitable for SSL in specific tasks.
- Defending Against Repetitive-based Backdoor Attacks on Semi-supervised Learning through Lens of Rate-Distortion-Perception Trade-off (2024-07-14T12:42:11Z)
  Semi-supervised learning (SSL) has achieved remarkable performance with a small fraction of labeled data.
  This large pool of untrusted data is extremely vulnerable to data poisoning, leading to potential backdoor attacks.
  We propose a novel method, Unlabeled Data Purification (UPure), to disrupt the association between trigger patterns and target classes.
- SSL-Cleanse: Trojan Detection and Mitigation in Self-Supervised Learning (2023-03-16T04:45:06Z)
  Self-supervised learning (SSL) is a prevalent approach for encoding data representations.
  Trojan attacks embedded in SSL encoders can operate covertly, spreading across multiple users and devices.
  We introduce SSL-Cleanse as a solution to identify and mitigate backdoor threats in SSL encoders.
- Towards Realistic Semi-Supervised Learning (2022-07-05T19:04:43Z)
  We propose a novel approach to tackle SSL in open-world setting, where we simultaneously learn to classify known and unknown classes.
  Our approach substantially outperforms the existing state-of-the-art on seven diverse datasets.
- Open-Set Semi-Supervised Learning for 3D Point Cloud Understanding (2022-05-02T16:09:17Z)
  It is commonly assumed in semi-supervised learning (SSL) that the unlabeled data are drawn from the same distribution as that of the labeled ones.
  We propose to selectively utilize unlabeled data through sample weighting, so that only conducive unlabeled data would be prioritized.
- Robust Deep Semi-Supervised Learning: A Brief Introduction (2022-02-12T04:16:41Z)
  Semi-supervised learning (SSL) aims to improve learning performance by leveraging unlabeled data when labels are insufficient.
  SSL with deep models has proven to be successful on standard benchmark tasks.
  However, they are still vulnerable to various robustness threats in real-world applications.
- A new weakly supervised approach for ALS point cloud semantic segmentation (2021-10-04T14:00:23Z)
  We propose a deep-learning based weakly supervised framework for semantic segmentation of ALS point clouds.
  We exploit potential information from unlabeled data subject to incomplete and sparse labels.
  Our method achieves an overall accuracy of 83.0% and an average F1 score of 70.0%, which have increased by 6.9% and 12.8% respectively.
- Dash: Semi-Supervised Learning with Dynamic Thresholding (2021-09-01T23:52:29Z)
  We propose a semi-supervised learning (SSL) approach that uses unlabeled examples to train models.
  Our proposed approach, Dash, enjoys its adaptivity in terms of unlabeled data selection.
- OpenMatch: Open-set Consistency Regularization for Semi-supervised Learning with Outliers (2021-05-28T23:57:15Z)
  We propose a novel Open-set Semi-Supervised Learning (OSSL) approach called OpenMatch.
  OpenMatch unifies FixMatch with novelty detection based on one-vs-all (OVA) classifiers.
  It achieves state-of-the-art performance on three datasets, and even outperforms a fully supervised model in detecting outliers unseen in unlabeled data on CIFAR10.
- A Simple Semi-Supervised Learning Framework for Object Detection (2020-05-10T19:15:51Z)
  Semi-supervised learning (SSL) has a potential to improve the predictive performance of machine learning models using unlabeled data.
  We propose STAC, a simple yet effective SSL framework for visual object detection along with a data augmentation strategy.
This list is automatically generated from the titles and abstracts of the papers in this site.