46 matches found
3S-Attack: Spatial, Spectral and Semantic Invisible Backdoor Attack against DNN Models
Backdoor attacks involve either poisoning the training data or directly modifying the model in order to implant a hidden behavior, that causes the model to misclassify inputs when a specific trigger is present. During inference, the model maintains high accuracy on benign samples but misclassifie...
Beyond Training-Time Poisoning: Component-Level and Post-Training Backdoors in Deep Reinforcement Learning
Deep Reinforcement Learning DRL systems are increasingly used in safety-critical applications, yet their security remains severely underexplored. This work investigates backdoor attacks, which implant hidden triggers that cause malicious actions only when specific inputs appear in the observation...
When Forgetting Triggers Backdoors: a Clean Unlearning Attack
Machine unlearning has emerged as a key component in ensuring Right to be Forgotten, enabling the removal of specific data points from trained models. However, even when the unlearning is performed without poisoning the forget-set clean unlearning, it can be exploited for stealthy attacks that...
CUBA: Controlled Untargeted Backdoor Attack against Deep Neural Networks
Backdoor attacks have emerged as a critical security threat against deep neural networks in recent years. The majority of existing backdoor attacks focus on targeted backdoor attacks, where trigger is strongly associated to specific malicious behavior. Various backdoor detection methods depend on...
TED-LaST: Towards Robust Backdoor Defense against Adaptive Attacks
Deep Neural Networks DNNs are vulnerable to backdoor attacks, where attackers implant hidden triggers during training to maliciously control model behavior. Topological Evolution Dynamics TED has recently emerged as a powerful tool for detecting backdoor attacks in DNNs. However, TED can be...
TooBadRL: Trigger Optimization to Boost Effectiveness of Backdoor Attacks on Deep Reinforcement Learning
Deep reinforcement learning DRL has achieved remarkable success in a wide range of sequential decision-making domains, including robotics, healthcare, smart grids, and finance. Recent research demonstrates that attackers can efficiently exploit system vulnerabilities during the training phase to...
Heterogeneous Graph Backdoor Attack
Heterogeneous Graph Neural Networks HGNNs excel in modeling complex, multi-typed relationships across diverse domains, yet their vulnerability to backdoor attacks remains unexplored. To address this gap, we conduct the first investigation into the susceptibility of HGNNs to existing graph backdoo...
Merge Hijacking: Backdoor Attacks to Model Merging of Large Language Models
Model merging for Large Language Models LLMs directly fuses the parameters of different models finetuned on various tasks, creating a unified model for multi-domain tasks. However, due to potential vulnerabilities in models available on open-source platforms, model merging is susceptible to...
Poison in the Well: Feature Embedding Disruption in Backdoor Attacks
Backdoor attacks embed malicious triggers into training data, enabling attackers to manipulate neural network behavior during inference while maintaining high accuracy on benign inputs. However, existing backdoor attacks face limitations manifesting in excessive reliance on training data, poor...
BadVLA: Towards Backdoor Attacks on Vision-Language-Action Models Via Objective-Decoupled Optimization
Vision-Language-Action VLA models have advanced robotic control by enabling end-to-end decision-making directly from multimodal inputs. However, their tightly coupled architectures expose novel security vulnerabilities. Unlike traditional adversarial perturbations, backdoor attacks represent a...
A Chaos Driven Metric for Backdoor Attack Detection
The advancement and adoption of Artificial Intelligence AI models across diverse domains have transformed the way we interact with technology. However, it is essential to recognize that while AI models have introduced remarkable advancements, they also present inherent challenges such as their...
Backdoor Attacks against Patch-Based Mixture of Experts
As Deep Neural Networks DNNs continue to require larger amounts of data and computational power, Mixture of Experts MoE models have become a popular choice to reduce computational complexity. This popularity increases the importance of considering the security of MoE architectures. Unfortunately,...
How to Backdoor the Knowledge Distillation
Knowledge distillation has become a cornerstone in modern machine learning systems, celebrated for its ability to transfer knowledge from a large, complex teacher model to a more efficient student model. Traditionally, this process is regarded as secure, assuming the teacher model is clean. This...
SFIBA: Spatial-Based Full-Target Invisible Backdoor Attacks
Multi-target backdoor attacks pose significant security threats to deep neural networks, as they can preset multiple target classes through a single backdoor injection. This allows attackers to control the model to misclassify poisoned samples with triggers into any desired target class during...
Erased but Not Forgotten: How Backdoors Compromise Concept Erasure
The expansion of large-scale text-to-image diffusion models has raised growing concerns about their potential to generate undesirable or harmful content, ranging from fabricated depictions of public figures to sexually explicit images. To mitigate these risks, prior work has devised machine...
BadMoE: Backdooring Mixture-Of-Experts LLMs Via Optimizing Routing Triggers and Infecting Dormant Experts
Mixture-of-Experts MoE have emerged as a powerful architecture for large language models LLMs, enabling efficient scaling of model capacity while maintaining manageable computational costs. The key advantage lies in their ability to route different tokens to different "expert'' networks within th...
Russian organizations targeted by backdoor masquerading as secure networking software updates
As we were looking into a cyberincident in April 2025, we uncovered a rather sophisticated backdoor. It targeted various large organizations in Russia, spanning the government, finance, and industrial sectors. While our investigation into the attack associated with the backdoor is still ongoing, ...
BadApex: Backdoor Attack Based on Adaptive Optimization Mechanism of Black-Box Large Language Models
Previous insertion-based and paraphrase-based backdoors have achieved great success in attack efficacy, but they ignore the text quality and semantic consistency between poisoned and clean texts. Although recent studies introduce LLMs to generate poisoned texts and improve the stealthiness,...
Exploring Backdoor Attack and Defense for LLM-Empowered Recommendations
The fusion of Large Language Models LLMs with recommender systems RecSys has dramatically advanced personalized recommendations and drawn extensive attention. Despite the impressive progress, the safety of LLM-based RecSys against backdoor attacks remains largely under-explored. In this paper, we...
Subverting LLM Coders
Really interesting research: "An LLM-Assisted Easy-to-Trigger Backdoor Attack on Code Completion Models: Injecting Disguised Vulnerabilities against Strong Detection": Abstract : Large Language Models LLMs have transformed code completion tasks, providing context-based suggestions to boost...