Deep neural networks (DNNs) have shown great promise in various domains. Alongside these developments, vulnerabilities associated with DNN training, such as backdoor attacks, are a significant concern. These attacks involve the subtle insertion of triggers during model training, allowing for manipulated predictions. More recently, DNNs for tabular data have gained increasing attention due to the rise of transformer models. Our research presents a comprehensive analysis of backdoor attacks on tabular data using DNNs, particularly focusing on transformer-based networks. Given the inherent complexities of tabular data, we explore the challenges of embedding backdoors. Through systematic experimentation across benchmark datasets, we uncover that transformer-based DNNs for tabular data are highly susceptible to backdoor attacks, even with minimal feature value alterations. Our results indicate nearly perfect attack success rates (≈100%) by introducing novel backdoor attack strategies to tabular data. Furthermore, we evaluate several defenses against these attacks, identifying Spectral Signatures as the most effective one. Our findings highlight the urgency to address such vulnerabilities and provide insights into potential countermeasures for securing DNN models against backdoors on tabular data.
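As an added illustration of the Spectral Signatures defense named above (not code from the paper or its authors), the sketch below scores the training rows of one label by their squared projection on the top singular direction of the centred representations and flags the highest-scoring 1.5 × expected-poison-rate fraction for removal before retraining. The representations are constructed sample data, and all function names, the 10% poison rate and the shift size are assumptions made for the example.

```python
import math
import random

def top_direction(centered, iters=200):
    """Power iteration on the covariance of the centred rows (top right singular vector)."""
    d = len(centered[0])
    v = [1.0 / math.sqrt(d)] * d
    for _ in range(iters):
        # w = M^T (M v), computed without forming the d x d matrix
        proj = [sum(r[j] * v[j] for j in range(d)) for r in centered]
        w = [sum(p * r[j] for p, r in zip(proj, centered)) for j in range(d)]
        norm = math.sqrt(sum(x * x for x in w))
        v = [x / norm for x in w]
    return v

def spectral_scores(reps):
    """Outlier score per row: squared projection of the centred row on the top direction."""
    n, d = len(reps), len(reps[0])
    mean = [sum(r[j] for r in reps) / n for j in range(d)]
    centered = [[r[j] - mean[j] for j in range(d)] for r in reps]
    v = top_direction(centered)
    return [sum(r[j] * v[j] for j in range(d)) ** 2 for r in centered]

def flag_suspects(reps, expected_poison_rate):
    """Return indices of the 1.5 * rate * n highest-scoring rows, to drop before retraining."""
    scores = spectral_scores(reps)
    k = min(len(reps), round(1.5 * expected_poison_rate * len(reps)))
    ranked = sorted(range(len(reps)), key=lambda i: scores[i], reverse=True)
    return sorted(ranked[:k])

def make_constructed_reps(n=200, n_poison=20, d=4, seed=7):
    """Constructed stand-in for learned representations of one label's training rows.
    Rows 0..n_poison-1 carry a shift on two coordinates, imitating a trigger's footprint."""
    rng = random.Random(seed)
    reps = [[rng.gauss(0.0, 1.0) for _ in range(d)] for _ in range(n)]
    for i in range(n_poison):
        reps[i][1] += 8.0
        reps[i][2] += 8.0
    return reps

if __name__ == "__main__":
    reps = make_constructed_reps()
    flagged = flag_suspects(reps, expected_poison_rate=0.10)
    caught = sum(1 for i in flagged if i < 20)
    print(f"flagged {len(flagged)} rows, {caught} of 20 constructed poisoned rows among them")
```

In practice the rows would be the penultimate-layer activations of the trained tabular model, computed separately for each label, and the model is retrained after the flagged rows are dropped.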