Exploring Robustness of Visual State Space model against Backdoor Attacks
- URL: http://arxiv.org/abs/2408.11679v2
- Date: Thu, 22 Aug 2024 04:36:39 GMT
- Title: Exploring Robustness of Visual State Space model against Backdoor Attacks
- Authors: Cheng-Yi Lee, Cheng-Chang Tsai, Chia-Mu Yu, Chun-Shien Lu
- Abstract summary: We conduct experiments to understand the robustness of the Visual State Space Model (VSS) through the lens of backdoor attacks.
We first investigate the vulnerability of VSS to different backdoor triggers and reveal that the SSM mechanism makes the VSS model more susceptible to backdoor triggers.
We consider an effective backdoor for the VSS model that recurs in each patch to resist patch perturbations.
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: The Visual State Space Model (VSS) has demonstrated remarkable performance in various computer vision tasks. However, in the process of development, backdoor attacks have brought severe challenges to security. Such attacks cause an infected model to predict target labels when a specific trigger is activated, while the model behaves normally on benign samples. In this paper, we conduct systematic experiments to understand the robustness of VSS through the lens of backdoor attacks, specifically how the state space model (SSM) mechanism affects robustness. We first investigate the vulnerability of VSS to different backdoor triggers and reveal that the SSM mechanism, which captures contextual information within patches, makes the VSS model more susceptible to backdoor triggers compared to models without SSM. Furthermore, we analyze the sensitivity of the VSS model to patch processing techniques and discover that these triggers are effectively disrupted. Based on these observations, we consider an effective backdoor for the VSS model that recurs in each patch to resist patch perturbations. Extensive experiments across three datasets and various backdoor attacks reveal that the VSS model performs comparably to Transformers (ViTs) but is less robust than the Gated CNNs, which comprise only stacked Gated CNN blocks without SSM.
Related papers
- BadScan: An Architectural Backdoor Attack on Visual State Space Models (arXiv, 2024-11-26)
  The recently introduced Visual State Space Model (VMamba) has shown exceptional performance compared to Vision Transformers (ViT).
  One common approach is to embed a trigger in the training data to retrain the model, causing it to misclassify data samples into a target class.
  We introduce a novel architectural backdoor attack, termed BadScan, designed to deceive the VMamba model.
- BEEAR: Embedding-based Adversarial Removal of Safety Backdoors in Instruction-tuned Language Models (arXiv, 2024-06-24)
  Safety backdoor attacks in large language models (LLMs) enable the stealthy triggering of unsafe behaviors while evading detection during normal interactions.
  We present BEEAR, a mitigation approach leveraging the insight that backdoor triggers induce relatively uniform drifts in the model's embedding space.
  Our bi-level optimization method identifies universal embedding perturbations that elicit unwanted behaviors and adjusts the model parameters to reinforce safe behaviors against these perturbations.
- Watch the Watcher! Backdoor Attacks on Security-Enhancing Diffusion Models (arXiv, 2024-06-14)
  This work investigates the vulnerabilities of security-enhancing diffusion models.
  We demonstrate that these models are highly susceptible to DIFF2, a simple yet effective backdoor attack.
  Case studies show that DIFF2 can significantly reduce both post-purification and certified accuracy across benchmark datasets and models.
- Towards Evaluating the Robustness of Visual State Space Models (arXiv, 2024-06-13)
  Vision State Space Models (VSSMs) have demonstrated remarkable performance in visual perception tasks.
  However, their robustness under natural and adversarial perturbations remains a critical concern.
  We present a comprehensive evaluation of VSSMs' robustness under various perturbation scenarios.
- EmInspector: Combating Backdoor Attacks in Federated Self-Supervised Learning Through Embedding Inspection (arXiv, 2024-05-21)
  Federated self-supervised learning (FSSL) has emerged as a promising paradigm that enables the exploitation of clients' vast amounts of unlabeled data.
  While FSSL offers advantages, its susceptibility to backdoor attacks has not been investigated.
  We propose the Embedding Inspector (EmInspector), which detects malicious clients by inspecting the embedding space of local models.
- Measuring Impacts of Poisoning on Model Parameters and Embeddings for Large Language Models of Code (arXiv, 2024-05-19)
  Large language models (LLMs) have revolutionized software development practices, yet concerns about their safety have arisen.
  Backdoor attacks involve the insertion of triggers into training data, allowing attackers to manipulate the behavior of the model maliciously.
  In this paper, we focus on analyzing the model parameters to detect potential backdoor signals in code models.
- BadCLIP: Dual-Embedding Guided Backdoor Attack on Multimodal Contrastive Learning (arXiv, 2023-11-20)
  This paper reveals the threats in this practical scenario that backdoor attacks can remain effective even after defenses.
  We introduce the BadCLIP attack, which is resistant to backdoor detection and model fine-tuning defenses.
- Versatile Backdoor Attack with Visible, Semantic, Sample-Specific, and Compatible Triggers (arXiv, 2023-06-01)
  We propose a novel trigger called the Visible, Semantic, Sample-Specific, and Compatible (VSSC) trigger.
  The VSSC trigger is effective, stealthy and robust simultaneously, and it can also be deployed effectively in the physical scenario using corresponding objects.
- Few-Shot Backdoor Attacks on Visual Object Tracking (arXiv, 2022-01-31)
  Visual object tracking (VOT) has been widely adopted in mission-critical applications, such as autonomous driving and intelligent surveillance systems.
  We show that an adversary can easily implant hidden backdoors into VOT models by tampering with the training process.
  We show that our attack is resistant to potential defenses, highlighting the vulnerability of VOT models to potential backdoor attacks.
- Exposing Backdoors in Robust Machine Learning Models (arXiv, 2020-02-25)
  We show that adversarially robust models are susceptible to backdoor attacks.
  Backdoors are reflected in the feature representation of such models.
  This observation is leveraged to detect backdoor-infected models via a detection technique called AEGIS.
This list is automatically generated from the titles and abstracts of the papers in this site.