Invisible backdoor learning in regional transform domain

Minaee S, Boykov YY, Porikli F, Plaza AJ, Kehtarnavaz N, Terzopoulos D (2021) Image segmentation using deep learning: a survey. IEEE Trans Pattern Anal Mach Intell 44:3523–3542

Ganaie MA, Hu M, Malik A, Tanveer M, Suganthan P (2022) Ensemble deep learning: a review. Eng Appl Artif Intell 115:105151

Singh SP, Kumar A, Darbari H, Singh L, Rastogi A, Jain S (2017) Machine translation using deep learning: an overview. In: 2017 International conference on computer, communications and electronics (comptelix). IEEE, pp 162–167

Fujiyoshi H, Hirakawa T, Yamashita T (2019) Deep learning-based image recognition for autonomous driving. IATSS Res 43(4):244–252

Zhao R, Yan R, Chen Z, Mao K, Wang P, Gao RX (2019) Deep learning and its applications to machine health monitoring. Mech Syst Signal Process 115:213–237

Gu T, Liu K, Dolan-Gavitt B, Garg S (2019) BadNets: evaluating backdooring attacks on deep neural networks. IEEE Access 7:47230–47244. https://doi.org/10.1109/ACCESS.2019.2909068

Nguyen TA, Tran A (2020) Input-aware dynamic backdoor attack. Adv Neural Inf Process Syst 33:3454–3464

Salem A, Wen R, Backes M, Ma S, Zhang Y (2022) Dynamic backdoor attacks against machine learning models. In: 2022 IEEE 7th European symposium on security and privacy (EuroS &P). IEEE, pp 703–718

Li Y, Zhai T, Wu B, Jiang Y, Li Z, Xia S (2020) Rethinking the trigger of backdoor attack. arXiv preprint arXiv:2004.04692

Zou M, Shi Y, Wang C, Li F, Song W, Wang Y (2018) Potrojan: powerful neural-level trojan designs in deep learning models. arXiv preprint arXiv:1802.03043

Yao Y, Li H, Zheng H, Zhao BY (2019) Latent backdoor attacks on deep neural networks. In: Proceedings of the 2019 ACM SIGSAC conference on computer and communications security, pp 2041–2055

Chen X, Liu C, Li B, Lu K, Song D (2017) Targeted backdoor attacks on deep learning systems using data poisoning. arXiv preprint arXiv:1712.05526

Bagdasaryan E, Veit A, Hua Y, Estrin D, Shmatikov V (2020) How to backdoor federated learning. In: International conference on artificial intelligence and statistics. PMLR, pp 2938–2948

Liu Y, Ma X, Bailey J, Lu F (2020) Reflection backdoor: a natural backdoor attack on deep neural networks. In: European conference on computer vision. Springer, pp 182–199

Hendrycks D, Zhao K, Basart S, Steinhardt J, Song D (2021) Natural adversarial examples. In: Proceedings of the IEEE/CVF conference on computer vision and pattern recognition, pp 15262–15271

Turner A, Tsipras D, Madry A (2019) Label-consistent backdoor attacks. arXiv preprint arXiv:1912.02771

Li S, Xue M, Zhao BZH, Zhu H, Zhang X (2020) Invisible backdoor attacks on deep neural networks via steganography and regularization. IEEE Trans Depend Secure Comput 18(5):2088–2105

Kwon H, Kim Y (2022) Blindnet backdoor: attack on deep neural network using blind watermark. Multimed Tools Appl 81(5):6217–6234

Chou E, Tramer F, Pellegrino G SentiNet: detecting localized universal attacks against deep learning systems. In: 2020 IEEE security and privacy workshops (SPW). IEEE, pp 48–54. https://doi.org/10.1109/SPW50608.2020.00025. Accessed 07 Mar 2022

Doan BG, Abbasnejad E, Ranasinghe DC (2020) Februus: input purification defense against trojan attacks on deep neural network systems. In: Annual computer security applications conference, pp 897–912. https://doi.org/10.1145/3427228.3427264

Gao Y, Xu C, Wang D, Chen S, Ranasinghe DC, Nepal S (2019) Strip: a defence against trojan attacks on deep neural networks. In: Proceedings of the 35th annual computer security applications conference, pp 113–125

Sarkar E, Alkindi Y, Maniatakos M (2020) Backdoor suppression in neural networks using input fuzzing and majority voting. IEEE Des Test 37(2):103–110

Kwon H (2020) Detecting backdoor attacks via class difference in deep neural networks. IEEE Access 8:191049–191056. https://doi.org/10.1109/ACCESS.2020.3032411

Fu H, Veldanda AK, Krishnamurthy P, Garg S, Khorrami F (2022) Detecting backdoors in neural networks using novel feature-based anomaly detection, vol 10, pp 5545–5558 arXiv:2011.02526. https://doi.org/10.1109/ACCESS.2022.3141077. Accessed 17 Mar 2022

Krizhevsky A, Hinton G et al (2009) Learning multiple layers of features from tiny images

Houben S, Stallkamp J, Salmen J, Schlipsing M, Igel C (2013) Detection of traffic signs in real-world images: the German traffic sign detection benchmark. In: International joint conference on neural networks

Kumar N, Berg AC, Belhumeur PN, Nayar SK (2009) Attribute and simile classifiers for face verification. In: 2009 IEEE 12th international conference on computer vision. IEEE, pp 365–372

Wang B, Yao Y, Shan S, Li H, Viswanath B, Zheng H, Zhao BY (2019) Neural cleanse: identifying and mitigating backdoor attacks in neural networks. In: 2019 IEEE symposium on security and privacy (SP). IEEE, pp 707–723. https://doi.org/10.1109/SP.2019.00031. Accessed 07 Mar 2022

Liu Y, Lee W-C, Tao G, Ma S, Aafer Y, Zhang X (2019) ABS: scanning neural networks for back-doors by artificial brain stimulation. In: Proceedings of the 2019 ACM SIGSAC conference on computer and communications security. ACM, pp 1265–1282. https://doi.org/10.1145/3319535.3363216. Accessed 07 Mar 2022

Chattopadhay A, Sarkar A, Howlader P, Balasubramanian VN (2018) Grad-cam++: generalized gradient-based visual explanations for deep convolutional networks. In: 2018 IEEE winter conference on applications of computer vision (WACV). IEEE, pp 839–847

Barni M, Kallas K, Tondi B (2019) A new backdoor attack in CNNs by training set corruption without label poisoning. arXiv:abs/1902.11237. Accessed 28 June 2022

Wang T, Yao Y, Xu F, An S, Tong H, Wang T (2021) Backdoor attack through frequency domain. arXiv:abs/2111.10991. Accessed 18 2022-10-18