Deep Neural Networks (DNNs) have shown great promise in various domains. Alongside these developments, vulnerabilities associated with DNN training, such as backdoor attacks, are a significant concern. These attacks involve the subtle insertion of triggers during model training, allowing for manipulated predictions. More recently, DNNs for tabular data have gained increasing attention due to the rise of transformer models. Our research presents a comprehensive analysis of backdoor attacks on tabular data using DNNs, particularly focusing on transformers. Given the inherent complexities of tabular data, we explore the challenges of embedding backdoors. Through systematic experimentation across benchmark datasets, we uncover that transformer-based DNNs for tabular data are highly susceptible to backdoor attacks, even with minimal feature value alterations. We also verify that our attack can be generalized to other models, like XGBoost and DeepFM. Our results indicate nearly perfect attack success rates (approximately 100%) by introducing novel backdoor attack strategies to tabular data. Furthermore, we evaluate several defenses against these attacks, identifying Spectral Signatures as the most effective one. Our findings highlight the urgency of addressing such vulnerabilities and provide insights into potential countermeasures for securing DNN models against backdoors in tabular data.
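As an added illustration of the Spectral Signatures defense named above (this is not code from the paper), the sketch below scores each training row by its squared projection onto the top singular direction of the centered representations and flags the highest-scoring rows for removal. The function names, the constructed vectors standing in for a model's learned per-row representations, the 5% expected poison rate and the 1.5x removal margin are all assumptions.

```python
import random

def spectral_scores(reps, iters=50):
    """Squared projection of each centered row onto the top singular direction."""
    n, d = len(reps), len(reps[0])
    mean = [sum(r[j] for r in reps) / n for j in range(d)]
    centered = [[r[j] - mean[j] for j in range(d)] for r in reps]
    v = [1.0 / d ** 0.5] * d  # start vector for power iteration
    for _ in range(iters):
        # One step of power iteration on C^T C, where C is the centered matrix.
        proj = [sum(c[j] * v[j] for j in range(d)) for c in centered]
        w = [sum(proj[i] * centered[i][j] for i in range(n)) for j in range(d)]
        norm = sum(x * x for x in w) ** 0.5
        v = [x / norm for x in w]
    return [sum(c[j] * v[j] for j in range(d)) ** 2 for c in centered]

def flag_suspects(reps, expected_poison_rate, margin=1.5):
    """Indices of the rows with the highest outlier scores.

    Flags margin * expected_poison_rate * n rows, so some clean rows are
    sacrificed to make it likely that every poisoned row is removed.
    """
    scores = spectral_scores(reps)
    k = min(len(reps), round(margin * expected_poison_rate * len(reps)))
    ranked = sorted(range(len(reps)), key=lambda i: scores[i], reverse=True)
    return sorted(ranked[:k])

def make_constructed_reps(n_clean=190, n_poison=10, dim=8, seed=7):
    """Constructed sample data: Gaussian rows, with the last n_poison rows
    sharing a common shift in two coordinates (a stand-in for the trace a
    trigger leaves in the representations of one class)."""
    rng = random.Random(seed)
    clean = [[rng.gauss(0, 1) for _ in range(dim)] for _ in range(n_clean)]
    poison = [[rng.gauss(0, 1) + (6.0 if j < 2 else 0.0) for j in range(dim)]
              for _ in range(n_poison)]
    return clean + poison, set(range(n_clean, n_clean + n_poison))

if __name__ == "__main__":
    reps, poisoned = make_constructed_reps()
    flagged = flag_suspects(reps, expected_poison_rate=0.05)
    print(f"flagged {len(flagged)} rows, "
          f"{len(poisoned & set(flagged))} of {len(poisoned)} poisoned rows caught")
```

In practice the scoring is run per class label on representations taken from the trained model, and the model is retrained after the flagged rows are dropped.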