BARWM, a novel backdoor attack approach for real-world deep learning (DL) models deployed on mobile devices. Existing backdoor attacks often suffer from limitations such as altering the model structure or relying on easily detectable, sample-agnostic triggers.
By utilizing DNN-based steganography to generate sample-specific backdoor triggers that are imperceptible, it is able to circumvent these limitations.
The research first extracts real-world DL models from mobile apps and analyzes them to understand their functionality, which are then converted into trainable models while preserving their original behavior.
The core of BARWM lies in its use of a DNN-based steganography technique to generate unique and imperceptible triggers for each input sample, which significantly enhances the stealthiness of the attack as it makes it harder to identify and mitigate.
The authors rigorously evaluate BARWM on four state-of-the-art DNN models and compare its performance with existing methods, including DeepPayload and two other typical backdoor attack approaches.
Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free
The results demonstrate that BARWM outperforms these baselines in terms of both attack success rate and stealthiness, as it achieves a higher attack success rate while maintaining the normal performance of the models, and the generated backdoor triggers are significantly more difficult to detect compared to those produced by other methods.
They also conduct experiments on real-world DL models extracted from mobile apps and the results show that BARWM exhibits superior effectiveness and robustness in these real-world scenarios.
The paper presents a significant contribution to the field of backdoor attacks, as BARWM demonstrates the potential for highly effective and stealthy attacks on real-world DL models, highlighting the critical need for robust defense mechanisms to safeguard the security and privacy of these increasingly prevalent systems.
BARWM, a novel backdoor attack technique that leverages DNN-based steganography to generate imperceptible and sample-specific triggers for real-world deep learning models.
By employing a DNN to embed hidden messages within images, BARWM creates unique and nearly undetectable backdoors for each input sample, significantly enhancing the stealthiness of the attack.
A number of different DNN models, including those that were extracted from real-world mobile applications, were subjected to stringent evaluation by the researchers.
Results demonstrate that BARWM outperforms existing methods, achieving higher attack success rates while maintaining the normal performance of the models and significantly improving upon the stealthiness of previous backdoor attacks.
The findings highlight the critical need for robust defense mechanisms to mitigate the growing threat of sophisticated backdoor attacks on increasingly prevalent deep learning systems.
Find this News Interesting! Follow us on Google News, LinkedIn, and X to Get Instant Updates!
 models deployed on mobile devices. Existing backdoor attacks){kind=link}