Deep neural networks (DNNs) have achieved tremendous success in various applications including video action recognition, yet remain vulnerable to backdoor attacks (Trojans). The backdoor-compromised model will mis-classify to the target class chosen by the attacker when a test instance (from a non-target class) is embedded with a specific trigger, while maintaining high accuracy on attack-free instances. Although there are extensive studies on backdoor attacks against image data, the susceptibility of video-based systems under backdoor attacks remains largely unexplored. Current studies are direct extensions of approaches proposed for image data, e.g., the triggers are independently embedded within the frames, which tend to be detectable by existing defenses. In this paper, we introduce a simple yet effective backdoor attack against video data. Our proposed attack, adding perturbations in a transformed domain, plants an imperceptible, temporally distributed trigger across the video frames, and is shown to be resilient to existing defensive strategies. The effectiveness of the proposed attack is demonstrated by extensive experiments with various well-known models on two video recognition benchmarks, UCF101 and HMDB51, and a sign language recognition benchmark, Greek Sign Language (GSL) dataset. We delve into the impact of several influential factors on our proposed attack and identify an intriguing effect termed "collateral damage" through extensive studies.

翻译：深度神经网络（DNNs）在包括视频动作识别在内的多种应用中取得了巨大成功，但仍易受后门攻击（特洛伊木马）的影响。被后门攻陷的模型会在测试实例（来自非目标类别）嵌入特定触发器时，错误分类为攻击者选择的目标类别，同时对无攻击实例保持高准确率。尽管针对图像数据的后门攻击已有广泛研究，但基于视频的系统在后门攻击下的脆弱性仍未得到充分探索。当前研究是图像数据方法的直接扩展，例如触发器独立嵌入帧中，这种做法容易被现有防御机制检测。本文提出一种针对视频数据的简单而有效的后门攻击方法。我们所提出的攻击在变换域中添加扰动，在视频帧间植入不易察觉的、时序分布的触发器，并证明其能抵御现有防御策略。通过在两个视频识别基准（UCF101和HMDB51）以及一个手语识别基准（希腊手语数据集GSL）上使用多种知名模型进行的大量实验，展示了所提攻击的有效性。我们深入探讨了几种影响因素对所提攻击的影响，并通过广泛研究揭示了一种称为“附带损害”的有趣效应。