Deep Neural Networks (DNNs) have shown great promise in various domains. Alongside these developments, vulnerabilities in the DNN training pipeline, such as backdoor attacks, have become a significant concern. These attacks covertly insert triggers during model training, enabling the attacker to manipulate the model's predictions at inference time. More recently, DNNs for tabular data have gained increasing attention due to the rise of transformer models. Our research presents a comprehensive analysis of backdoor attacks on tabular data using DNNs, focusing mainly on transformers. We also propose a novel approach for trigger construction: an in-bounds attack, which provides excellent attack performance while maintaining stealthiness. Through systematic experimentation across benchmark datasets, we find that transformer-based DNNs for tabular data are highly susceptible to backdoor attacks, even with minimal alterations to feature values. We also verify that our attack generalizes to other models, such as XGBoost and DeepFM. Our results demonstrate up to a 100% attack success rate with a negligible drop in clean accuracy. Furthermore, we evaluate several defenses against these attacks and identify Spectral Signatures as the most effective. Nevertheless, our findings highlight the need to develop tabular data-specific countermeasures to defend against backdoor attacks.
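The in-bounds trigger idea described above can be illustrated with a minimal sketch: a fraction of training rows has one feature set to a value that already occurs in that feature's legitimate range (keeping the poison stealthy), and those rows are relabeled to the attacker's target class. The function name `poison_inbounds`, the trigger-value choice (the feature's observed maximum), and all parameters are illustrative assumptions, not the paper's actual implementation.

```python
# Hedged sketch of in-bounds backdoor poisoning for tabular data.
# All names and choices here are illustrative assumptions, not the
# paper's actual attack procedure.
import numpy as np

def poison_inbounds(X, y, feature_idx, target_label, rate, rng):
    """Poison a fraction `rate` of rows: set the chosen trigger feature
    to an in-bounds value (here the feature's observed maximum, so the
    trigger never leaves the legitimate value range) and flip the label
    to `target_label`."""
    X_p, y_p = X.copy(), y.copy()
    trigger_value = X[:, feature_idx].max()  # in-bounds: already occurs in data
    n_poison = int(rate * len(X))
    idx = rng.choice(len(X), size=n_poison, replace=False)
    X_p[idx, feature_idx] = trigger_value
    y_p[idx] = target_label
    return X_p, y_p, trigger_value

# Synthetic example: 1000 rows, 8 numeric features, binary labels.
rng = np.random.default_rng(0)
X = rng.normal(size=(1000, 8))
y = rng.integers(0, 2, size=1000)
X_p, y_p, trig = poison_inbounds(X, y, feature_idx=3, target_label=1,
                                 rate=0.02, rng=rng)
```

A model trained on `(X_p, y_p)` would learn to associate the trigger value with the target class, while the poisoned feature values remain indistinguishable from legitimate ones because they never exceed the observed range.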