{"id":"https://openalex.org/W4390577972","doi":"https://doi.org/10.1109/tifs.2024.3349869","title":"On Model Outsourcing Adaptive Attacks to Deep Learning Backdoor Defenses","display_name":"On Model Outsourcing Adaptive Attacks to Deep Learning Backdoor Defenses","publication_year":2024,"publication_date":"2024-01-01","ids":{"openalex":"https://openalex.org/W4390577972","doi":"https://doi.org/10.1109/tifs.2024.3349869"},"language":"en","primary_location":{"id":"doi:10.1109/tifs.2024.3349869","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2024.3349869","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5103240401","display_name":"Huaibing Peng","orcid":"https://orcid.org/0009-0001-7323-9093"},"institutions":[{"id":"https://openalex.org/I36399199","display_name":"Nanjing University of Science and Technology","ror":"https://ror.org/00xp9wg62","country_code":"CN","type":"education","lineage":["https://openalex.org/I36399199"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Huaibing Peng","raw_affiliation_strings":["School of Cyber Science and Engineering, Nanjing University of Science and Technology, Nanjing, China"],"affiliations":[{"raw_affiliation_string":"School of Cyber Science and Engineering, Nanjing University of Science and Technology, Nanjing, China","institution_ids":["https://openalex.org/I36399199"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5039324800","display_name":"Huming Qiu","orcid":"https://orcid.org/0009-0004-5385-9414"},"institutions":[{"id":"https://openalex.org/I36399199","display_name":"Nanjing University of Science and Technology","ror":"https://ror.org/00xp9wg62","country_code":"CN","type":"education","lineage":["https://openalex.org/I36399199"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Huming Qiu","raw_affiliation_strings":["School of Computer Science and Engineering, Nanjing University of Science and Technology, Nanjing, China"],"affiliations":[{"raw_affiliation_string":"School of Computer Science and Engineering, Nanjing University of Science and Technology, Nanjing, China","institution_ids":["https://openalex.org/I36399199"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5114928939","display_name":"Hua Ma","orcid":"https://orcid.org/0000-0002-9069-7731"},"institutions":[{"id":"https://openalex.org/I42894916","display_name":"Data61","ror":"https://ror.org/03q397159","country_code":"AU","type":"other","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I42894916","https://openalex.org/I4387156119"]},{"id":"https://openalex.org/I5681781","display_name":"University of Adelaide","ror":"https://ror.org/00892tw58","country_code":"AU","type":"education","lineage":["https://openalex.org/I5681781"]},{"id":"https://openalex.org/I1292875679","display_name":"Commonwealth Scientific and Industrial Research Organisation","ror":"https://ror.org/03qn8fb07","country_code":"AU","type":"funder","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I4387156119"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Hua Ma","raw_affiliation_strings":["School of Electrical and Electronics Engineering, The University of Adelaide, Adelaide, SA, Australia","Data61, CSIRO, Eveleigh, NSW, Australia"],"affiliations":[{"raw_affiliation_string":"School of Electrical and Electronics Engineering, The University of Adelaide, Adelaide, SA, Australia","institution_ids":["https://openalex.org/I5681781"]},{"raw_affiliation_string":"Data61, CSIRO, Eveleigh, NSW, Australia","institution_ids":["https://openalex.org/I42894916","https://openalex.org/I1292875679"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100400133","display_name":"Shuo Wang","orcid":"https://orcid.org/0000-0001-8938-2364"},"institutions":[{"id":"https://openalex.org/I1292875679","display_name":"Commonwealth Scientific and Industrial Research Organisation","ror":"https://ror.org/03qn8fb07","country_code":"AU","type":"funder","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I4387156119"]},{"id":"https://openalex.org/I42894916","display_name":"Data61","ror":"https://ror.org/03q397159","country_code":"AU","type":"other","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I42894916","https://openalex.org/I4387156119"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Shuo Wang","raw_affiliation_strings":["Data61, CSIRO, Eveleigh, NSW, Australia"],"affiliations":[{"raw_affiliation_string":"Data61, CSIRO, Eveleigh, NSW, Australia","institution_ids":["https://openalex.org/I42894916","https://openalex.org/I1292875679"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5048592388","display_name":"Anmin Fu","orcid":"https://orcid.org/0000-0002-1632-5737"},"institutions":[{"id":"https://openalex.org/I36399199","display_name":"Nanjing University of Science and Technology","ror":"https://ror.org/00xp9wg62","country_code":"CN","type":"education","lineage":["https://openalex.org/I36399199"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Anmin Fu","raw_affiliation_strings":["School of Cyber Science and Engineering, Nanjing University of Science and Technology, Nanjing, China"],"affiliations":[{"raw_affiliation_string":"School of Cyber Science and Engineering, Nanjing University of Science and Technology, Nanjing, China","institution_ids":["https://openalex.org/I36399199"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5053660700","display_name":"Said F. Al-Sarawi","orcid":"https://orcid.org/0000-0002-3242-8197"},"institutions":[{"id":"https://openalex.org/I5681781","display_name":"University of Adelaide","ror":"https://ror.org/00892tw58","country_code":"AU","type":"education","lineage":["https://openalex.org/I5681781"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Said F. Al-Sarawi","raw_affiliation_strings":["School of Electrical and Electronics Engineering, The University of Adelaide, Eveleigh, NSW, Australia"],"affiliations":[{"raw_affiliation_string":"School of Electrical and Electronics Engineering, The University of Adelaide, Eveleigh, NSW, Australia","institution_ids":["https://openalex.org/I5681781"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5040978000","display_name":"Derek Abbott","orcid":"https://orcid.org/0000-0002-0945-2674"},"institutions":[{"id":"https://openalex.org/I5681781","display_name":"University of Adelaide","ror":"https://ror.org/00892tw58","country_code":"AU","type":"education","lineage":["https://openalex.org/I5681781"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Derek Abbott","raw_affiliation_strings":["School of Electrical and Electronics Engineering, The University of Adelaide, Eveleigh, NSW, Australia"],"affiliations":[{"raw_affiliation_string":"School of Electrical and Electronics Engineering, The University of Adelaide, Eveleigh, NSW, Australia","institution_ids":["https://openalex.org/I5681781"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5067969908","display_name":"Yansong Gao","orcid":"https://orcid.org/0000-0001-6029-5064"},"institutions":[{"id":"https://openalex.org/I42894916","display_name":"Data61","ror":"https://ror.org/03q397159","country_code":"AU","type":"other","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I42894916","https://openalex.org/I4387156119"]},{"id":"https://openalex.org/I1292875679","display_name":"Commonwealth Scientific and Industrial Research Organisation","ror":"https://ror.org/03qn8fb07","country_code":"AU","type":"funder","lineage":["https://openalex.org/I1292875679","https://openalex.org/I2801453606","https://openalex.org/I4387156119"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Yansong Gao","raw_affiliation_strings":["Data61, CSIRO, Eveleigh, NSW, Australia"],"affiliations":[{"raw_affiliation_string":"Data61, CSIRO, Eveleigh, NSW, Australia","institution_ids":["https://openalex.org/I42894916","https://openalex.org/I1292875679"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":8,"corresponding_author_ids":["https://openalex.org/A5103240401"],"corresponding_institution_ids":["https://openalex.org/I36399199"],"apc_list":null,"apc_paid":null,"fwci":3.2855,"has_fulltext":false,"cited_by_count":9,"citation_normalized_percentile":{"value":0.92428078,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":94,"max":99},"biblio":{"volume":"19","issue":null,"first_page":"2356","last_page":"2369"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12122","display_name":"Physical Unclonable Functions (PUFs) and Hardware Security","score":0.948199987411499,"subfield":{"id":"https://openalex.org/subfields/1708","display_name":"Hardware and Architecture"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9476000070571899,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/backdoor","display_name":"Backdoor","score":0.9912295341491699},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7940272092819214},{"id":"https://openalex.org/keywords/trojan","display_name":"Trojan","score":0.7783344984054565},{"id":"https://openalex.org/keywords/adversary","display_name":"Adversary","score":0.7072817087173462},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6799148917198181},{"id":"https://openalex.org/keywords/deep-learning","display_name":"Deep learning","score":0.5042020082473755},{"id":"https://openalex.org/keywords/outsourcing","display_name":"Outsourcing","score":0.4912557005882263},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.4237220883369446},{"id":"https://openalex.org/keywords/deep-neural-networks","display_name":"Deep neural networks","score":0.4168659746646881},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.4119580388069153},{"id":"https://openalex.org/keywords/business","display_name":"Business","score":0.08895742893218994}],"concepts":[{"id":"https://openalex.org/C2781045450","wikidata":"https://www.wikidata.org/wiki/Q254569","display_name":"Backdoor","level":2,"score":0.9912295341491699},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7940272092819214},{"id":"https://openalex.org/C174333608","wikidata":"https://www.wikidata.org/wiki/Q19635","display_name":"Trojan","level":2,"score":0.7783344984054565},{"id":"https://openalex.org/C41065033","wikidata":"https://www.wikidata.org/wiki/Q2825412","display_name":"Adversary","level":2,"score":0.7072817087173462},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6799148917198181},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.5042020082473755},{"id":"https://openalex.org/C46934059","wikidata":"https://www.wikidata.org/wiki/Q61515","display_name":"Outsourcing","level":2,"score":0.4912557005882263},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.4237220883369446},{"id":"https://openalex.org/C2984842247","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep neural networks","level":3,"score":0.4168659746646881},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.4119580388069153},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.08895742893218994},{"id":"https://openalex.org/C162853370","wikidata":"https://www.wikidata.org/wiki/Q39809","display_name":"Marketing","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/tifs.2024.3349869","is_oa":false,"landing_page_url":"https://doi.org/10.1109/tifs.2024.3349869","pdf_url":null,"source":{"id":"https://openalex.org/S61310614","display_name":"IEEE Transactions on Information Forensics and Security","issn_l":"1556-6013","issn":["1556-6013","1556-6021"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Transactions on Information Forensics and Security","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G5663473917","display_name":null,"funder_award_id":"62072239","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G6632032882","display_name":null,"funder_award_id":"ISN24-15","funder_id":"https://openalex.org/F4320330485","funder_display_name":"State Key Laboratory of Integrated Services Networks"},{"id":"https://openalex.org/G7884758391","display_name":null,"funder_award_id":"62002167","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G913869186","display_name":null,"funder_award_id":"62372236","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"},{"id":"https://openalex.org/F4320330485","display_name":"State Key Laboratory of Integrated Services Networks","ror":null}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":80,"referenced_works":["https://openalex.org/W2067713319","https://openalex.org/W2112796928","https://openalex.org/W2194775991","https://openalex.org/W2302255633","https://openalex.org/W2748789698","https://openalex.org/W2797455600","https://openalex.org/W2934843808","https://openalex.org/W2963564844","https://openalex.org/W2966689772","https://openalex.org/W2971661634","https://openalex.org/W2985913519","https://openalex.org/W2986013765","https://openalex.org/W2990270730","https://openalex.org/W2996800219","https://openalex.org/W3010216907","https://openalex.org/W3015678314","https://openalex.org/W3042368254","https://openalex.org/W3044223678","https://openalex.org/W3083185154","https://openalex.org/W3096024389","https://openalex.org/W3106646114","https://openalex.org/W3107337211","https://openalex.org/W3112001526","https://openalex.org/W3114686421","https://openalex.org/W3114838227","https://openalex.org/W3116515605","https://openalex.org/W3118608800","https://openalex.org/W3127616799","https://openalex.org/W3135345339","https://openalex.org/W3140988292","https://openalex.org/W3152758407","https://openalex.org/W3175215793","https://openalex.org/W3188362651","https://openalex.org/W3195614649","https://openalex.org/W3208328782","https://openalex.org/W4214537185","https://openalex.org/W4214680449","https://openalex.org/W4221145075","https://openalex.org/W4252979261","https://openalex.org/W4288057770","https://openalex.org/W4289300166","https://openalex.org/W4297779775","https://openalex.org/W4298140072","https://openalex.org/W4307535425","https://openalex.org/W4307964213","https://openalex.org/W4312280786","https://openalex.org/W4317927978","https://openalex.org/W4319653550","https://openalex.org/W4323655037","https://openalex.org/W4324007135","https://openalex.org/W4367663504","https://openalex.org/W4383221538","https://openalex.org/W4386495194","https://openalex.org/W4387623692","https://openalex.org/W4388867373","https://openalex.org/W4391667254","https://openalex.org/W6743581629","https://openalex.org/W6746286392","https://openalex.org/W6750462152","https://openalex.org/W6750463028","https://openalex.org/W6756074407","https://openalex.org/W6756333562","https://openalex.org/W6766313860","https://openalex.org/W6766336336","https://openalex.org/W6774549192","https://openalex.org/W6775678023","https://openalex.org/W6781420246","https://openalex.org/W6784558051","https://openalex.org/W6787959460","https://openalex.org/W6787972765","https://openalex.org/W6792327856","https://openalex.org/W6799444384","https://openalex.org/W6803053407","https://openalex.org/W6809627489","https://openalex.org/W6809873772","https://openalex.org/W6810593300","https://openalex.org/W6845886309","https://openalex.org/W6847153587","https://openalex.org/W6850353503","https://openalex.org/W6856676437"],"related_works":["https://openalex.org/W4225614914","https://openalex.org/W4297632144","https://openalex.org/W3106646114","https://openalex.org/W4308244459","https://openalex.org/W4221166349","https://openalex.org/W4226092343","https://openalex.org/W4200628936","https://openalex.org/W4389518867","https://openalex.org/W4225678119","https://openalex.org/W2969023901"],"abstract_inverted_index":{"Deep":[0],"learning":[1],"models":[2,118,284],"with":[3,120,204],"backdoors":[4,51],"act":[5],"maliciously":[6],"when":[7,56,200],"triggered":[8],"but":[9],"seem":[10],"normal":[11],"otherwise.":[12],"This":[13,39,158,264],"risk,":[14],"often":[15],"increased":[16],"by":[17,77,93],"model":[18,82,269],"outsourcing,":[19],"challenges":[20],"their":[21,27,59,63,115],"secure":[22],"use.":[23],"Although":[24],"countermeasures":[25],"exist,":[26],"defense":[28],"against":[29],"adaptive":[30,111,248,276],"attacks":[31],"is":[32,41,69],"under-examined,":[33],"possibly":[34],"leading":[35,102],"to":[36,74,162,275],"security":[37],"misjudgments.":[38],"study":[40,141,265],"the":[42,47,94,183,188,193,220,224,234,244,280],"first":[43,245],"intricate":[44],"examination":[45],"illustrating":[46],"difficulty":[48],"of":[49,192,223,282],"detecting":[50],"in":[52,154,202,237],"outsourced":[53],"models,":[54],"especially":[55],"attackers":[57,73],"adjust":[58],"strategies,":[60,112],"even":[61,113],"if":[62],"capabilities":[64,123],"are":[65],"significantly":[66],"limited.":[67],"It":[68],"relatively":[70],"straightforward":[71,231],"for":[72,187,243],"circumvent":[75],"detection":[76,103,166,184],"trivially":[78],"violating":[79],"its":[80],"threat":[81,117],"(e.g.,":[83,124],"using":[84,109,125],"advanced":[85],"backdoor":[86,165,271],"types":[87],"or":[88],"trigger":[89,148,226],"designs":[90],"not":[91],"covered":[92],"detection).":[95],"However,":[96],"this":[97,140],"research":[98],"highlights":[99],"that":[100,146,267],"various":[101],"defenses":[104,167,206,272],"can":[105],"simultaneously":[106],"be":[107,137,286],"evaded":[108,251],"simple":[110],"under":[114,207],"defined":[116],"and":[119,151,177,219,260,278],"limited":[121],"adversary":[122],"easily":[126],"detectable":[127],"triggers":[128],"while":[129],"maintaining":[130],"a":[131,143,155,212],"high":[132,213],"attack":[133,214,249],"success":[134,215],"rate).":[135],"To":[136],"more":[138],"specific,":[139],"introduces":[142],"novel":[144],"methodology":[145],"employs":[147],"specificity":[149],"enhancement":[150],"training":[152],"regulation":[153],"symbiotic":[156],"manner.":[157],"approach":[159],"allows":[160],"us":[161],"evade":[163],"multiple":[164],"simultaneously,":[168],"including":[169,256],"Neural":[170],"Cleanse":[171],"(Oakland":[172,179],"19\u2019),":[173,176],"ABS":[174],"(CCS":[175],"MNTD":[178],"21\u2019).":[180],"These":[181],"were":[182],"tools":[185],"selected":[186],"Evasive":[189],"Trojans":[190],"Track":[191],"2022":[194],"NeurIPS":[195,238],"Trojan":[196,239],"Detection":[197,240],"Challenge.":[198,241],"Even":[199],"applied":[201],"conjunction":[203],"these":[205],"stringent":[208],"conditions,":[209],"such":[210],"as":[211],"rate":[216],"(>":[217],"97%)":[218],"restricted":[221],"use":[222,281],"simplest":[225],"(small":[227],"white":[228],"square),":[229],"our":[230,247],"method":[232],"garnered":[233],"second":[235],"prize":[236],"Notably,":[242],"time,":[246],"successfully":[250],"other":[252],"recent":[253],"state-of-the-art":[254],"defenses,":[255],"FeatureRE":[257],"(NeurIPS":[258],"22\u2019)":[259],"Beatrix":[261],"(NDSS":[262],"23\u2019).":[263],"suggests":[266],"existing":[268],"outsourcing":[270],"remain":[273],"vulnerable":[274],"attacks,":[277],"thus,":[279],"third-party":[283],"should":[285],"avoided":[287],"whenever":[288],"possible.":[289]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":6},{"year":2024,"cited_by_count":2}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}