UNICORN: A Unified Backdoor Trigger Inversion Framework. (arXiv:2304.02786v1 [cs.LG])

The backdoor attack, where the adversary uses inputs stamped with triggers
(e.g., a patch) to activate pre-planted malicious behaviors, is a severe threat
to Deep Neural Network (DNN) models. Trigger inversion is an effective way of
identifying backdoor models and understanding embedded adversarial behaviors. A
challenge of trigger inversion is that there are many ways of constructing the
trigger. Existing methods cannot generalize to various types of triggers by
making certain assumptions or attack-specific constraints. The fundamental
reason is that …

adversarial adversary attack backdoor challenge constraints design embedded framework inputs making malicious network neural network patch space threat trigger types understanding unicorn work