The growing dependence on machine learning in real-world applications
emphasizes the importance of understanding and ensuring its safety. Backdoor
attacks pose a significant security risk due to their stealthy nature and
potentially serious consequences. Such attacks involve embedding triggers
within a learning model with the intention of causing malicious behavior when
an active trigger is present while maintaining regular functionality without
it. This paper evaluates the effectiveness of any backdoor attack incorporating
a constant trigger, by establishing tight lower and upper boundaries for the
performance of the compromised model on both clean and backdoor test data. The
developed theory answers a series of fundamental but previously underexplored
problems, including (1) what are the determining factors for a backdoor
attack's success, (2) what is the direction of the most effective backdoor
attack, and (3) when will a human-imperceptible trigger succeed. Our derived
understanding applies to both discriminative and generative models. We also
demonstrate the theory by conducting experiments using benchmark datasets and
state-of-the-art backdoor attack scenarios.

对于机器学习中的黑门攻击，本文通过建立性能的上下界限来评估任何包含恒定触发器的黑门攻击的有效性，回答了一系列基本但以前未被充分探讨的问题，包括黑门攻击成功的决定因素、最有效的黑门攻击方向以及人类难以察觉的触发器何时会成功。该理论适用于判别模型和生成模型，并通过使用基准数据集和最先进的黑门攻击场景进行实验来证明该理论。