| CPC G06F 21/577 (2013.01) [G06F 21/554 (2013.01); G06F 21/56 (2013.01); G06F 30/20 (2020.01); G06F 2221/034 (2013.01)] | 15 Claims |
|
1. A method for security assessment of a warping-based backdoor attack, the method comprising:
receiving, by a warping unit, a clean image as an input;
outputting, by the warping unit, a warped backdoor image;
training a backdoor model using the warped backdoor image;
detecting and issuing a warning about a backdoor risk in response to an attack, based on the backdoor model,
wherein the warping unit is configured to deform an image by applying geometric transformation, wherein the geometric transformation is performed by at least one method selected from the group consisting of affine, projective, elastic, and non-elastic;
generating, by a simulator, a warping field;
receiving, by the warping unit, the clean image and the warping field as inputs and outputting the warped backdoor image; and
training, by the simulator, the backdoor model by using the warped backdoor image,
wherein the generating the warping field comprises:
determining control points, wherein the simulator is configured to:
select target points on a uniform grid of a predetermined size over the entire clean image; and
generate a backward warping field of the selected target points;
upsample by interpolating an interpolated warping field of the entire clean image from the control points by applying a bicubic interpolation; and
clip the interpolated warping field to generate the warping field.
|