BadSR: Stealthy Label Backdoor Attacks on Image Super-Resolution
- URL: http://arxiv.org/abs/2505.15308v1
- Date: Wed, 21 May 2025 09:36:35 GMT
- Title: BadSR: Stealthy Label Backdoor Attacks on Image Super-Resolution
- Authors: Ji Guo, Xiaolei Wen, Wenbo Jiang, Cheng Huang, Jinjin Li, Hongwei Li
- Abstract summary: Super-resolution (SR) models can be subjected to backdoor attacks through data poisoning. We propose BadSR, which improves the stealthiness of poisoned HR images. BadSR achieves a high attack success rate in various models and data sets.
- Score: 6.894237931978495
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: With the widespread application of super-resolution (SR) in various fields, researchers have begun to investigate its security. Previous studies have demonstrated that SR models can also be subjected to backdoor attacks through data poisoning, affecting downstream tasks. A backdoor SR model generates an attacker-predefined target image when given a triggered image while producing a normal high-resolution (HR) output for clean images. However, prior backdoor attacks on SR models have primarily focused on the stealthiness of poisoned low-resolution (LR) images while ignoring the stealthiness of poisoned HR images, making it easy for users to detect anomalous data. To address this problem, we propose BadSR, which improves the stealthiness of poisoned HR images. The key idea of BadSR is to approximate the clean HR image and the pre-defined target image in the feature space while ensuring that modifications to the clean HR image remain within a constrained range. The poisoned HR images generated by BadSR can be integrated with existing triggers. To further improve the effectiveness of BadSR, we design an adversarially optimized trigger and a backdoor gradient-driven poisoned sample selection method based on a genetic algorithm. The experimental results show that BadSR achieves a high attack success rate in various models and data sets, significantly affecting downstream tasks.
Related papers
- Blind Super Resolution with Reference Images and Implicit Degradation Representation [5.34372866210952]
Degradation kernels should account for not only the degradation process but also the downscaling factor. Applying the same degradation kernel across varying super-resolution scales may be impractical. Our research acknowledges degradation kernels and scaling factors as pivotal elements for the BSR task.
arXiv Detail & Related papers (2025-07-18T13:45:04Z)
- SRD: Reinforcement-Learned Semantic Perturbation for Backdoor Defense in VLMs [57.880467106470775]
Attackers can inject imperceptible perturbations into the training data, causing the model to generate malicious, attacker-controlled captions. We propose Semantic Reward Defense (SRD), a reinforcement learning framework that mitigates backdoor behavior without prior knowledge of triggers. SRD uses a Deep Q-Network to learn policies for applying discrete perturbations to sensitive image regions, aiming to disrupt the activation of malicious pathways.
arXiv Detail & Related papers (2025-06-05T08:22:24Z)
- BadRefSR: Backdoor Attacks Against Reference-based Image Super Resolution [14.605562676764636]
RefSR leverages an additional reference image to help recover high-frequency details. BadRefSR embeds backdoors in the RefSR model by adding triggers to the reference images and training with a mixed loss function. Our study aims to alert researchers to the potential backdoor risks in RefSR.
arXiv Detail & Related papers (2025-02-28T10:53:39Z)
- Retrievals Can Be Detrimental: A Contrastive Backdoor Attack Paradigm on Retrieval-Augmented Diffusion Models [37.66349948811172]
Diffusion models (DMs) have recently demonstrated remarkable generation capability. Recent studies empower DMs with the advanced Retrieval-Augmented Generation (RAG) technique. RAG enhances DMs' generation and generalization ability while significantly reducing model parameters. Despite the great success, RAG may introduce novel security issues that warrant further investigation.
arXiv Detail & Related papers (2025-01-23T02:42:28Z)
- Timestep-Aware Diffusion Model for Extreme Image Rescaling [47.89362819768323]
We propose a novel framework called Timestep-Aware Diffusion Model (TADM) for extreme image rescaling. TADM performs rescaling operations in the latent space of a pre-trained autoencoder. It effectively leverages powerful natural image priors learned by a pre-trained text-to-image diffusion model.
arXiv Detail & Related papers (2024-08-17T09:51:42Z)
- Invisible Backdoor Attack Through Singular Value Decomposition [2.681558084723648]
Backdoor attacks pose a serious security threat to deep neural networks (DNNs).
To make triggers less perceptible and imperceptible, various invisible backdoor attacks have been proposed.
This paper proposes an invisible backdoor attack called DEBA.
arXiv Detail & Related papers (2024-03-18T13:25:12Z)
- Efficient Test-Time Adaptation for Super-Resolution with Second-Order Degradation and Reconstruction [62.955327005837475]
Image super-resolution (SR) aims to learn a mapping from low-resolution (LR) to high-resolution (HR) using paired HR-LR training images.
We present an efficient test-time adaptation framework for SR, named SRTTA, which is able to quickly adapt SR models to test domains with different/unknown degradation types.
arXiv Detail & Related papers (2023-10-29T13:58:57Z)
- Knowledge Distillation based Degradation Estimation for Blind Super-Resolution [146.0988597062618]
Blind image super-resolution (Blind-SR) aims to recover a high-resolution (HR) image from its corresponding low-resolution (LR) input image with unknown degradations.
It is infeasible to provide concrete labels of multiple degradation combinations to supervise the degradation estimator training.
We propose a knowledge distillation based implicit degradation estimator network (KD-IDE) and an efficient SR network.
arXiv Detail & Related papers (2022-11-30T11:59:07Z)
- SRTGAN: Triplet Loss based Generative Adversarial Network for Real-World Super-Resolution [13.897062992922029]
An alternative solution called Single Image Super-Resolution (SISR) is a software-driven approach that aims to take a Low-Resolution (LR) image and obtain the HR image.
We introduce a new triplet-based adversarial loss function that exploits the information provided in the LR image by using it as a negative sample.
We propose to fuse the adversarial loss, content loss, perceptual loss, and quality loss to obtain Super-Resolution (SR) image with high perceptual fidelity.
arXiv Detail & Related papers (2022-11-22T11:17:07Z)
- Robust Real-World Image Super-Resolution against Adversarial Attacks [115.04009271192211]
Adversarial image samples with quasi-imperceptible noises could threaten deep learning SR models.
We propose a robust deep learning framework for real-world SR that randomly erases potential adversarial noises.
Our proposed method is more insensitive to adversarial attacks and presents more stable SR results than existing models and defenses.
arXiv Detail & Related papers (2022-07-31T13:26:33Z)
- Hierarchical Conditional Flow: A Unified Framework for Image Super-Resolution and Image Rescaling [139.25215100378284]
We propose a hierarchical conditional flow (HCFlow) as a unified framework for image SR and image rescaling.
HCFlow learns a mapping between HR and LR image pairs by modelling the distribution of the LR image and the rest high-frequency component simultaneously.
To further enhance the performance, other losses such as perceptual loss and GAN loss are combined with the commonly used negative log-likelihood loss in training.
arXiv Detail & Related papers (2021-08-11T16:11:01Z)
- Characteristic Regularisation for Super-Resolving Face Images [81.84939112201377]
Existing facial image super-resolution (SR) methods focus mostly on improving artificially down-sampled low-resolution (LR) imagery.
Previous unsupervised domain adaptation (UDA) methods address this issue by training a model using unpaired genuine LR and HR data.
This renders the model overstretched with two tasks: consistifying the visual characteristics and enhancing the image resolution.
We formulate a method that joins the advantages of conventional SR and UDA models.
arXiv Detail & Related papers (2019-12-30T16:27:24Z)