With the thriving of deep learning and the widespread practice of using pre-trained networks, backdoor attacks have become an increasing security threat drawing many research interests in recent years. A third-party model can be poisoned in training to work well in normal conditions but behave maliciously when a trigger pattern appears. However, the existing backdoor attacks are all built on noise perturbation triggers, making them noticeable to humans. In this paper, we instead propose using warping-based triggers. The proposed backdoor outperforms the previous methods in a human inspection test by a wide margin, proving its stealthiness. To make such models undetectable by machine defenders, we propose a novel training mode, called the ``noise mode. The trained networks successfully attack and bypass the state-of-the-art defense methods on standard classification datasets, including MNIST, CIFAR-10, GTSRB, and CelebA. Behavior analyses show that our backdoors are transparent to network inspection, further proving this novel attack mechanism's efficiency.

本文提出了一种基于扭曲触发器的后门攻击以及一种名为“噪声模式”的新型训练模式，旨在使这种攻击机制对机器防御者难以检测，其结果表明，这种后门攻击比先前的方法在人类检测测试中的表现要好得多，并成功地攻击和绕过 MNIST、CIFAR-10、GTSRB 和 CelebA 等标准分类数据集上的最新的防御方法。

WaNet--基于不可察觉畸变的后门攻击