Wenbo Jiang
Lecturer

Gender:Male

Education Level:With Certificate of Graduation for Doctorate Study

Paper Publications

Rethinking the Design of Backdoor Triggers and Adversarial Perturbations: A Color Space Perspective

Release time:2025-05-23

Affiliation of Author(s):[1] University of Electronic Science and Technology of China, School of Computer Science and Engineering, China; [2] Sichuan University, School of Cyber Science and Engineering, China; [3] Nanyang Technological University, School of Computer Science and Engineering, Singapore, Singapore; [4] University of Technology Sydney, School of Computer Science in the Faculty of Engineering and Information Technology, Sydney, Australia

Journal:IEEE Transactions on Dependable and Secure Computing

Key Words:Deep neural networks - Image compression - Particle swarm optimization (PSO) - Superpixels

Abstract:Deep neural networks (DNNs) are known to be susceptible to various malicious attacks, such as adversarial and backdoor attacks. However, most of these attacks utilize additive adversarial perturbations (or backdoor triggers) within an Lp-norm constraint. They can be easily defeated by image preprocessing strategies, such as image compression and image super-resolution. To address this limitation, instead of using additive adversarial perturbations (or backdoor triggers) in the pixel space, this work revisits the design of adversarial perturbations (or backdoor triggers) from the perspective of color space and conducts a comprehensive analysis. Specifically, we propose a color space backdoor attack and a color space adversarial attack where the color space shift is used as the trigger and perturbation. To find the optimal trigger or perturbation in the black-box scenario, we perform an iterative optimization process with the Particle Swarm Optimization algorithm. Experimental results confirm the robustness of the proposed color space attacks against image preprocessing defenses as well as other mainstream defense methods. In addition, we also design adaptive defense strategies and evaluate their effectiveness against color space attacks. Our work emphasizes the importance of the color space when developing malicious attacks against DNN and urges more research in this area. © 2004-2012 IEEE.

Document Type:Article in Press

ISSN No.:15455971

Translation or Not:no
