attack 2025

Geometry-Aware Backdoor Attacks: Leveraging Curvature in Hyperbolic Embeddings

Ali Baheri

0 citations · 28 references · arXiv


Published on arXiv

2510.06397

Model Poisoning

OWASP ML Top 10 — ML10

Key Finding

Attack success rate increases monotonically toward the Poincaré disk boundary while standard detector sensitivity decreases, empirically confirming the theoretically predicted geometry-specific vulnerability in hyperbolic neural networks.

Geometry-Aware Backdoor Attack

Novel technique introduced


Non-Euclidean foundation models increasingly place representations in curved spaces such as hyperbolic geometry. We show that this geometry creates a boundary-driven asymmetry that backdoor triggers can exploit. Near the boundary, small input changes appear subtle to standard input-space detectors but produce disproportionately large shifts in the model's representation space. Our analysis formalizes this effect and also reveals a limitation for defenses: methods that act by pulling points inward along the radius can suppress such triggers, but only by sacrificing useful model sensitivity in that same direction. Building on these insights, we propose a simple geometry-adaptive trigger and evaluate it across tasks and architectures. Empirically, attack success increases toward the boundary, whereas conventional detectors weaken, mirroring the theoretical trends. Together, these results surface a geometry-specific vulnerability in non-Euclidean models and offer analysis-backed guidance for designing and understanding the limits of defenses.


Key Contributions

  • Formal theoretical analysis showing that the boundary of hyperbolic (Poincaré disk) space creates an asymmetry where small input perturbations produce disproportionately large representation shifts, enabling stealthy backdoor triggers
  • Geometry-adaptive backdoor trigger design that exploits this boundary-driven amplification to maximize attack success while remaining subtle to standard input-space detectors
  • Analysis of the inherent trade-off in radial-pulling defenses: suppressing boundary-region triggers requires sacrificing model sensitivity in the same direction, bounding defensibility
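The first and third contributions can be checked numerically from a defender's side. The sketch below is an added example, not code from the paper: it assumes the standard Poincaré ball distance with curvature -1 and 2-D points, and all function names and sample coordinates are constructed for illustration. It compares what a Euclidean input-space check sees with the hyperbolic displacement for the same step, then shows how a radial pull shrinks a legitimate radial difference along with the perturbation.

```python
import math

def poincare_distance(u, v):
    """Geodesic distance in the Poincare ball (curvature -1 assumed)."""
    nu = sum(a * a for a in u)
    nv = sum(b * b for b in v)
    diff = sum((a - b) ** 2 for a, b in zip(u, v))
    return math.acosh(1.0 + 2.0 * diff / ((1.0 - nu) * (1.0 - nv)))

def sensitivity_profile(eps, radii):
    """For a fixed Euclidean radial step eps, return rows of
    (radius, Euclidean displacement, hyperbolic displacement)."""
    rows = []
    for r in radii:
        x, y = [r, 0.0], [r + eps, 0.0]
        rows.append((r, math.dist(x, y), poincare_distance(x, y)))
    return rows

def radial_pull(points, s):
    """Radial-pulling defense (constructed): scale every point toward the origin."""
    return [[s * c for c in p] for p in points]

def pull_tradeoff(s):
    """Hyperbolic separation before/after the pull for a small boundary
    perturbation and for a legitimate radial difference between clean points."""
    clean, shifted = [0.99, 0.0], [0.991, 0.0]   # constructed perturbation
    shallow, deep = [0.90, 0.0], [0.99, 0.0]     # constructed clean pair
    pc, ps, pa, pd = radial_pull([clean, shifted, shallow, deep], s)
    return {
        "perturbation": (poincare_distance(clean, shifted), poincare_distance(pc, ps)),
        "legitimate": (poincare_distance(shallow, deep), poincare_distance(pa, pd)),
    }

if __name__ == "__main__":
    for r, e, h in sensitivity_profile(1e-3, [0.0, 0.5, 0.9, 0.99]):
        print(f"r={r:4.2f}  euclid={e:.4f}  hyperbolic={h:.5f}  ratio={h / e:7.2f}")
    for name, (before, after) in pull_tradeoff(0.5).items():
        print(f"{name:12s} before={before:.4f}  after pull={after:.4f}")
```

A monitor that scores displacement with `poincare_distance` rather than a Euclidean norm sees the growth toward the boundary that the Euclidean column hides.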

🛡️ Threat Analysis

Model Poisoning

Paper proposes geometry-adaptive backdoor triggers that exploit the Poincaré disk boundary effect to embed hidden, targeted malicious behavior in hyperbolic neural networks while evading standard input-space detectors — a direct backdoor/trojan attack contribution.


Details

Domains
graph
Model Types
gnn
Threat Tags
training_time, targeted, digital
Applications
knowledge graph embedding, recommendation systems, fraud detection, drug discovery, social network analysis