Abstract
Deep neural networks (DNNs) are vulnerable to backdoor attacks, which can leave traces in the model that are detectable by advanced defense methods. In this paper, we examine the limitations of existing backdoor attacks and defense methods, and propose a scapegoat attack framework designed to divert the attention of defenses and shield genuine backdoor attacks from detection. Our framework leverages channel activation manipulation techniques, comprising three key components: scapegoat, infiltrator, and separation. This allows our genuine backdoor attack to successfully evade defense mechanisms and overcome previously impenetrable defenses while maintaining a high attack success rate. The framework is versatile, enabling the creative configuration of base attack and scapegoat setups. We apply the framework in static, dynamic, and clean-label attack scenarios, demonstrating its efficacy against various advanced defense methods on three different datasets.