Enhancing All-to-X Backdoor Attacks with Optimized Target Class Mapping

Backdoor attacks pose severe threats to machine learning systems, prompting extensive research in this area. However, most existing work focuses on single-target All-to-One (A2O) attacks, overlooking the more complex All-to-X (A2X) attacks with multiple target classes, which are often assumed to have low attack success rates. In this paper, we first demonstrate that A2X attacks are robust against state-of-the-art defenses. We then propose a novel attack strategy that enhances the success rate of A2X attacks while maintaining robustness by optimizing grouping and target class assignment mechanisms. Our method improves the attack success rate by up to 28%, with average improvements of 6.7%, 16.4%, 14.1% on CIFAR10, CIFAR100, and Tiny-ImageNet, respectively. We anticipate that this study will raise awareness of A2X attacks and stimulate further research in this under-explored area. Our code is available at https://github.com/kazefjj/A2X-backdoor .

Key Contributions

• Demonstrates that All-to-X (A2X) multi-target backdoor attacks are robust against state-of-the-art defenses, challenging the assumption of low attack success rates
• Proposes an optimized grouping and target class assignment mechanism that improves A2X attack success rate by up to 28% (avg. 6.7%/16.4%/14.1% on CIFAR-10/CIFAR-100/Tiny-ImageNet)
• Raises awareness of the under-explored A2X attack paradigm as a distinct and more complex threat compared to All-to-One attacks

🛡️ Threat Analysis

Details

Similar Papers