How to Inject Backdoors with Better Consistency: Logit Anchoring on Clean Data. (arXiv:2109.01300v2 [cs.LG] UPDATED)

Since training a large-scale backdoored model from scratch requires a large
training dataset, several recent attacks have considered to inject backdoors
into a trained clean model without altering model behaviors on the clean data.
Previous work finds that backdoors can be injected into a trained clean model
with Adversarial Weight Perturbation (AWP). Here AWPs refers to the variations
of parameters that are small in backdoor learning. In this work, we observe an
interesting phenomenon that the variations of parameters are …

backdoors data lg