Just Rotate it: Deploying Backdoor Attacks via Rotation Transformation

Tong Wu, Tianhao Wang, Vikash Sehwag, Saeed Mahloujifar, Prateek Mittal

Research output: Chapter in Book/Report/Conference proceedingConference contribution

9 Scopus citations

Abstract

Recent works have demonstrated that deep learning models are vulnerable to backdoor poisoning attacks, where these attacks instill spurious correlations to external trigger patterns or objects (e.g., stickers, sunglasses, etc.). We find that such external trigger signals are not necessary, as highly effective backdoors can be easily inserted using rotation-based image transformation. Our method constructs the poisoned dataset by rotating a limited amount of objects and labeling them incorrectly; once trained with it, the victim's model will make undesirable predictions during run-Time inference. It exhibits a significantly high attack success rate while maintaining clean performance through comprehensive empirical studies on image classification and object detection tasks. Furthermore, we evaluate standard data augmentation techniques and five different backdoor defenses against our attack and find that none of them can serve as a consistent mitigation approach. Our attack can be easily deployed in the real world since it only requires rotating the object, as shown in both image classification and object detection applications. Overall, our work highlights a new, simple, physically realizable, and highly effective vector for backdoor attacks. Our video demo is available at https://youtu.be/6JIF8wnX34M

Original languageEnglish (US)
Title of host publicationAISec 2022 - Proceedings of the 15th ACM Workshop on Artificial Intelligence and Security, co-located with CCS 2022
PublisherAssociation for Computing Machinery, Inc
Pages91-102
Number of pages12
ISBN (Electronic)9781450398800
DOIs
StatePublished - Nov 11 2022
Event15th ACM Workshop on Artificial Intelligence and Security, AISec 2022 - Co-located with CCS 2022 - Los Angeles, United States
Duration: Nov 11 2022 → …

Publication series

NameAISec 2022 - Proceedings of the 15th ACM Workshop on Artificial Intelligence and Security, co-located with CCS 2022

Conference

Conference15th ACM Workshop on Artificial Intelligence and Security, AISec 2022 - Co-located with CCS 2022
Country/TerritoryUnited States
CityLos Angeles
Period11/11/22 → …

All Science Journal Classification (ASJC) codes

  • Artificial Intelligence
  • Computer Networks and Communications
  • Software

Keywords

  • physically realizable attacks
  • rotation backdoor attacks
  • spatial robustness

Fingerprint

Dive into the research topics of 'Just Rotate it: Deploying Backdoor Attacks via Rotation Transformation'. Together they form a unique fingerprint.

Cite this