{"id":"https://openalex.org/W3012113073","doi":"https://doi.org/10.1145/3374664.3375751","title":"Backdoor Embedding in Convolutional Neural Network Models via Invisible Perturbation","display_name":"Backdoor Embedding in Convolutional Neural Network Models via Invisible Perturbation","publication_year":2020,"publication_date":"2020-03-13","ids":{"openalex":"https://openalex.org/W3012113073","doi":"https://doi.org/10.1145/3374664.3375751","mag":"3012113073"},"language":"en","primary_location":{"id":"doi:10.1145/3374664.3375751","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3374664.3375751","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the Tenth ACM Conference on Data and Application Security and Privacy","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5049726439","display_name":"Haoti Zhong","orcid":null},"institutions":[{"id":"https://openalex.org/I130769515","display_name":"Pennsylvania State University","ror":"https://ror.org/04p491231","country_code":"US","type":"education","lineage":["https://openalex.org/I130769515"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Haoti Zhong","raw_affiliation_strings":["Pennsylvania State University, University Park, PA, USA"],"affiliations":[{"raw_affiliation_string":"Pennsylvania State University, University Park, PA, USA","institution_ids":["https://openalex.org/I130769515"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5038330098","display_name":"Cong Liao","orcid":null},"institutions":[{"id":"https://openalex.org/I130769515","display_name":"Pennsylvania State University","ror":"https://ror.org/04p491231","country_code":"US","type":"education","lineage":["https://openalex.org/I130769515"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Cong Liao","raw_affiliation_strings":["Pennsylvania State University, University Park, PA, USA"],"affiliations":[{"raw_affiliation_string":"Pennsylvania State University, University Park, PA, USA","institution_ids":["https://openalex.org/I130769515"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5062519505","display_name":"Anna Squicciarini","orcid":"https://orcid.org/0000-0002-7396-1895"},"institutions":[{"id":"https://openalex.org/I130769515","display_name":"Pennsylvania State University","ror":"https://ror.org/04p491231","country_code":"US","type":"education","lineage":["https://openalex.org/I130769515"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Anna Cinzia Squicciarini","raw_affiliation_strings":["Pennsylvania State University, University Park, PA, USA"],"affiliations":[{"raw_affiliation_string":"Pennsylvania State University, University Park, PA, USA","institution_ids":["https://openalex.org/I130769515"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101952501","display_name":"Sencun Zhu","orcid":"https://orcid.org/0000-0002-1047-7967"},"institutions":[{"id":"https://openalex.org/I130769515","display_name":"Pennsylvania State University","ror":"https://ror.org/04p491231","country_code":"US","type":"education","lineage":["https://openalex.org/I130769515"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Sencun Zhu","raw_affiliation_strings":["Pennsylvania State University, University Park, PA, USA"],"affiliations":[{"raw_affiliation_string":"Pennsylvania State University, University Park, PA, USA","institution_ids":["https://openalex.org/I130769515"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5101739086","display_name":"David J. Miller","orcid":"https://orcid.org/0000-0001-8848-1643"},"institutions":[{"id":"https://openalex.org/I130769515","display_name":"Pennsylvania State University","ror":"https://ror.org/04p491231","country_code":"US","type":"education","lineage":["https://openalex.org/I130769515"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"David Miller","raw_affiliation_strings":["Pennsylvania State University, University Park, PA, USA"],"affiliations":[{"raw_affiliation_string":"Pennsylvania State University, University Park, PA, USA","institution_ids":["https://openalex.org/I130769515"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5049726439"],"corresponding_institution_ids":["https://openalex.org/I130769515"],"apc_list":null,"apc_paid":null,"fwci":12.6181,"has_fulltext":false,"cited_by_count":180,"citation_normalized_percentile":{"value":0.98929946,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"97","last_page":"108"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9930999875068665,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9912999868392944,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/backdoor","display_name":"Backdoor","score":0.9920411109924316},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.7892463207244873},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7889248132705688},{"id":"https://openalex.org/keywords/adversary","display_name":"Adversary","score":0.7480689287185669},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5720021724700928},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.5544610619544983},{"id":"https://openalex.org/keywords/convolutional-neural-network","display_name":"Convolutional neural network","score":0.544501006603241},{"id":"https://openalex.org/keywords/deep-learning","display_name":"Deep learning","score":0.5404511094093323},{"id":"https://openalex.org/keywords/attack-model","display_name":"Attack model","score":0.4945630729198456},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.46085232496261597}],"concepts":[{"id":"https://openalex.org/C2781045450","wikidata":"https://www.wikidata.org/wiki/Q254569","display_name":"Backdoor","level":2,"score":0.9920411109924316},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.7892463207244873},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7889248132705688},{"id":"https://openalex.org/C41065033","wikidata":"https://www.wikidata.org/wiki/Q2825412","display_name":"Adversary","level":2,"score":0.7480689287185669},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5720021724700928},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5544610619544983},{"id":"https://openalex.org/C81363708","wikidata":"https://www.wikidata.org/wiki/Q17084460","display_name":"Convolutional neural network","level":2,"score":0.544501006603241},{"id":"https://openalex.org/C108583219","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep learning","level":2,"score":0.5404511094093323},{"id":"https://openalex.org/C65856478","wikidata":"https://www.wikidata.org/wiki/Q3991682","display_name":"Attack model","level":2,"score":0.4945630729198456},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.46085232496261597}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3374664.3375751","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3374664.3375751","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the Tenth ACM Conference on Data and Application Security and Privacy","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","display_name":"Peace, Justice and strong institutions","score":0.800000011920929}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":25,"referenced_works":["https://openalex.org/W9657784","https://openalex.org/W102110531","https://openalex.org/W1524144700","https://openalex.org/W1576278180","https://openalex.org/W1861492603","https://openalex.org/W1995562189","https://openalex.org/W2095577883","https://openalex.org/W2103228545","https://openalex.org/W2108598243","https://openalex.org/W2108948681","https://openalex.org/W2112796928","https://openalex.org/W2145287260","https://openalex.org/W2163605009","https://openalex.org/W2243397390","https://openalex.org/W2417429787","https://openalex.org/W2476429474","https://openalex.org/W2559840118","https://openalex.org/W2603766943","https://openalex.org/W2740711318","https://openalex.org/W2774607536","https://openalex.org/W2775907600","https://openalex.org/W3103836116","https://openalex.org/W3118608800","https://openalex.org/W4252979261","https://openalex.org/W4299828299"],"related_works":["https://openalex.org/W4328003561","https://openalex.org/W2573831620","https://openalex.org/W4328053081","https://openalex.org/W2889233174","https://openalex.org/W3012113073","https://openalex.org/W4391253793","https://openalex.org/W3143283098","https://openalex.org/W4283753393","https://openalex.org/W4214812658","https://openalex.org/W4389911912"],"abstract_inverted_index":{"Deep":[0],"learning":[1,8,51,101],"models":[2,9,52],"have":[3,20],"consistently":[4],"outperformed":[5],"traditional":[6],"machine":[7],"in":[10,24,127,154],"various":[11,183],"classification":[12],"tasks,":[13],"including":[14,29],"image":[15],"classification.":[16],"As":[17],"such,":[18],"they":[19],"become":[21],"increasingly":[22],"prevalent":[23],"many":[25],"real":[26],"world":[27],"applications":[28],"those":[30],"where":[31],"security":[32],"is":[33,91,149],"of":[34,47,68,85,116,135,210,231],"great":[35],"concern.":[36],"Such":[37],"popularity,":[38],"however,":[39],"may":[40],"attract":[41],"attackers":[42],"to":[43,75,92,107],"exploit":[44],"the":[45,48,86,117,133,136,156,186,221,225,232,237],"vulnerabilities":[46],"deployed":[49],"deep":[50,100],"and":[53,94,189,197],"launch":[54],"attacks":[55,193],"against":[56],"security-sensitive":[57],"applications.":[58],"In":[59],"this":[60],"paper,":[61],"we":[62,73,140],"focus":[63],"on":[64,185],"a":[65,77,96,99,113,121,128,146,199,207,215],"specific":[66],"type":[67],"data":[69,235],"poisoning":[70,155],"attack,":[71],"which":[72],"refer":[74],"as":[76],"\\em":[78],"backdoor":[79,97,122,147,164],"injection":[80,123,165,217],"attack.":[81],"The":[82],"main":[83],"goal":[84],"adversary":[87,187,226],"performing":[88],"such":[89,192],"attack":[90,124,161,201],"generate":[93],"inject":[95],"into":[98],"model":[102,170,174,211],"that":[103,148,191],"can":[104,194],"be":[105,195],"triggered":[106],"recognize":[108],"certain":[109],"embedded":[110],"patterns":[111],"with":[112,163,214],"target":[114],"label":[115],"attacker's":[118],"choice.":[119],"Additionally,":[120],"should":[125],"occur":[126],"stealthy":[129],"manner,":[130],"without":[131],"undermining":[132],"efficacy":[134],"victim":[137],"model.":[138,157,239],"Specifically,":[139],"propose":[141],"two":[142,160],"approaches":[143],"for":[144],"generating":[145],"hardly":[150],"perceptible":[151],"yet":[152],"effective":[153,196],"We":[158,176],"consider":[159],"settings,":[162],"carried":[166],"out":[167,178],"either":[168,230],"before":[169],"training":[171,234],"or":[172,236],"during":[173],"updating.":[175],"carry":[177],"extensive":[179],"experimental":[180],"evaluations":[181],"under":[182,220],"assumptions":[184],"model,":[188],"demonstrate":[190],"achieve":[198],"high":[200],"success":[202],"rate":[203],"(above":[204],"90%)":[205],"at":[206],"small":[208,216],"cost":[209],"accuracy":[212],"loss":[213],"rate,":[218],"even":[219],"weakest":[222],"assumption":[223],"wherein":[224],"has":[227],"no":[228],"knowledge":[229],"original":[233],"classifier":[238]},"counts_by_year":[{"year":2026,"cited_by_count":3},{"year":2025,"cited_by_count":37},{"year":2024,"cited_by_count":47},{"year":2023,"cited_by_count":32},{"year":2022,"cited_by_count":21},{"year":2021,"cited_by_count":28},{"year":2020,"cited_by_count":11},{"year":2019,"cited_by_count":1}],"updated_date":"2026-03-17T09:09:15.849793","created_date":"2025-10-10T00:00:00"}