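About the speaker:
Liu Dazhuang (刘大壮) is a PhD and postdoctoral researcher at Delft University of Technology (TU Delft) in the Netherlands. His research focuses on the security of vision neural networks and interpretable machine learning, with particular attention to backdoor attacks, adversarial examples, jailbreak attacks, and the corresponding defense mechanisms. His work has been published at international conferences including NDSS and GECCO, and received the Best Paper Award of the Genetic Programming track at GECCO 2022; he has also participated in several EU Horizon research projects on machine learning and information security.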
Lecture content:
Current black-box backdoor attacks on convolutional neural networks typically formulate attack objectives as single-objective optimization problems in a single domain. Designing triggers in a single domain often compromises semantic consistency and trigger robustness while introducing visual and spectral anomalies. This work proposes a multi-objective black-box backdoor attack in dual domains based on an evolutionary algorithm, enabling the simultaneous optimization of multiple attack objectives without requiring prior knowledge of the victim model. In particular, the attack is formulated as a multi-objective optimization problem (MOP) and solved using a multi-objective evolutionary algorithm (MOEA). The MOEA maintains a population of candidate triggers with different trade-offs among attack objectives and employs non-dominated sorting to guide the search toward Pareto-optimal solutions. A preference-based selection strategy is further applied to eliminate impractical trigger candidates. To improve trigger stealthiness, the proposed approach minimizes the discrepancy between clean and poisoned samples in the spectral domain. In addition, robustness against common preprocessing operations is enhanced by encouraging trigger patterns to reside in low-frequency regions. Extensive experiments demonstrate that the proposed method achieves improved attack effectiveness, robustness, natural stealthiness, and spectral stealthiness.
Organizer: Division of Interdisciplinary Information (信息交叉学部)
