Researchers have developed a novel supply-chain attack called Sparse Backdoor, capable of embedding a provably undetectable backdoor into pre-trained image classifiers such as convolutional networks and Vision Transformers. The method injects a sparse perturbation into fully connected layers and then masks it with a Gaussian dither. This dither creates a clean reference distribution, making it computationally infeasible to distinguish the backdoored model from the original, even with white-box access to the parameters.
Impact: Highlights a new, sophisticated attack vector against model supply chains, necessitating enhanced security measures for deployed AI systems.
Ranking rationale: Academic paper detailing a new method for embedding undetectable backdoors in image classification models.
AI-generated summary · Google Gemini · from 1 source.