Deep neural networks (DNNs) are susceptible to backdoor attacks, where malicious functionality is embedded allow attackers trigger incorrect classifications. Old-school attacks use strong features that can easily be learned by victim models. Despite robustness against input variation, the however increases likelihood of unintentional activations. This leaves traces existing defenses, which find approximate replacements for original triggers activate without being identical via, e.g., reverse engineering and sample overlay. In this paper, we propose investigate a new characteristic namely, exclusivity, measures ability remain effective in presence variation. Building upon concept Backdoor Exclusivity LifTing (BELT), novel technique suppresses association between fuzzy enhance exclusivity defense evasion. Extensive evaluation on three popular benchmarks validate, our approach substantially enhances stealthiness four old-school which, after lifting, able evade six state-of-the-art countermeasures, at almost no cost attack success rate normal utility. For example, one earliest BadNet, enhanced BELT, evades most defenses including ABS MOTH would otherwise recognize backdoored model.

Load

Load