Multi-Objective Backdoor Attack via Evolutionary Algorithm

讲座名称：Multi-Objective Backdoor Attack via Evolutionary Algorithm

讲座人：刘大壮

讲座时间：7月1日11:00

讲座地点：网安大楼A12-1236

讲座人介绍：

刘大壮是荷兰代尔夫特理工大学的博士及博士后研究员。其研究重点聚焦于视觉神经网络的安全性与可解释机器学习，尤其关注后门攻击、对抗样本、越狱攻击及其相应的防御机制。他的研究成果已在 NDSS 和 GECCO 等国际会议上发表，并荣获2022年 GECCO 会议遗传编程分会最佳论文奖；同时他还参与了多项欧盟地平线计划中关于机器学习与信息安全的研究项目。

讲座内容：

Current black-box backdoor attacks on convolutional neural networks typically formulate attack objectives as single-objective optimization problems in a single domain. Designing triggers in a single domain often compromises semantic consistency and trigger robustness while introducing visual and spectral anomalies. This work proposes a multi-objective black-box backdoor attack in dual domains based on an evolutionary algorithm, enabling the simultaneous optimization of multiple attack objectives without requiring prior knowledge of the victim model. In particular, the attack is formulated as a multi-objective optimization problem (MOP) and solved using a multi-objective evolutionary algorithm (MOEA). The MOEA maintains a population of candidate triggers with different trade-offs among attack objectives and employs non-dominated sorting to guide the search toward Pareto-optimal solutions. A preference-based selection strategy is further applied to eliminate impractical trigger candidates. To improve trigger stealthiness, the proposed approach minimizes the discrepancy between clean and poisoned samples in the spectral domain. In addition, robustness against common preprocessing operations is enhanced by encouraging trigger patterns to reside in low-frequency regions. Extensive experiments demonstrate that the proposed method achieves improved attack effectiveness, robustness, natural stealthiness, and spectral stealthiness.

主办单位：信息交叉学部

活动报名二维码：