加入支持让我们有继续维护的动力!会员畅享查看所有预告
立即购买
Multi-Objective Backdoor Attack via Evolutionary Algorithm
- 来源:
- 学校官网
- 收录时间:
- 2026-07-02 03:07:47
- 时间:
- 2024-07-01 11:00:00
- 地点:
- 网安大楼A12-1236
- 报告人:
- 刘大壮
- 学校:
- 西安电子科技大学
- 关键词:
- backdoor attack, evolutionary algorithm, multi-objective optimization, neural networks, security, stealthiness
- 简介:
- Current black-box backdoor attacks on convolutional neural networks typically formulate attack objectives as single-objective optimization problems in a single domain. Designing triggers in a single domain often compromises semantic consistency and trigger robustness while introducing visual and spectral anomalies. This work proposes a multi-objective black-box backdoor attack in dual domains based on an evolutionary algorithm, enabling the simultaneous optimization of multiple attack objectives without requiring prior knowledge of the victim model.
- -/- 1
报告介绍:
Current black-box backdoor attacks on convolutional neural networks typically formulate attack objectives as single-objective optimization problems in a single domain. Designing triggers in a single domain often compromises semantic consistency and trigger robustness while introducing visual and spectral anomalies. This work proposes a multi-objective black-box backdoor attack in dual domains based on an evolutionary algorithm, enabling the simultaneous optimization of multiple attack objectives without requiring prior knowledge of the victim model. In particular, the attack is formulated as a multi-objective optimization problem (MOP) and solved using a multi-objective evolutionary algorithm (MOEA). The MOEA maintains a population of candidate triggers with different trade-offs among attack objectives and employs non-dominated sorting to guide the search toward Pareto-optimal solutions. A preference-based selection strategy is further applied to eliminate impractical trigger candidates. To improve trigger stealthiness, the proposed approach minimizes the discrepancy between clean and poisoned samples in the spectral domain. In addition, robustness against common preprocessing operations is enhanced by encouraging trigger patterns to reside in low-frequency regions. Extensive experiments demonstrate that the proposed method achieves improved attack effectiveness, robustness, natural stealthiness, and spectral stealthiness.
报告人介绍:
刘大壮是荷兰代尔夫特理工大学的博士及博士后研究员。其研究重点聚焦于视觉神经网络的安全性与可解释机器学习,尤其关注后门攻击、对抗样本、越狱攻击及其相应的防御机制。他的研究成果已在 NDSS 和 GECCO 等国际会议上发表,并荣获2022年 GECCO 会议遗传编程分会最佳论文奖;同时他还参与了多项欧盟地平线计划中关于机器学习与信息安全的研究项目。
报告图片:
购买下会员支持下吧...用爱发电已经很久了 立即购买

