The extensive adoption of Self-supervised learning (SSL) has led to an increased security threat from backdoor attacks. While existing research has mainly focused on backdoor attacks in image classification, there has been limited exploration into their implications for object detection. In this work, we propose the first backdoor attack designed for object detection tasks in SSL scenarios, termed Object Transform Attack (SSL-OTA). SSL-OTA employs a trigger capable of altering predictions of the target object to the desired category, encompassing two attacks: Data Poisoning Attack (NA) and Dual-Source Blending Attack (DSBA). NA conducts data poisoning during downstream fine-tuning of the object detector, while DSBA additionally injects backdoors into the pre-trained encoder. We establish appropriate metrics and conduct extensive experiments on benchmark datasets, demonstrating the effectiveness and utility of our proposed attack. Notably, both NA and DSBA achieve high attack success rates (ASR) at extremely low poisoning rates (0.5%). The results underscore the importance of considering backdoor threats in SSL-based object detection and contribute a novel perspective to the field.

翻译：自监督学习（SSL）的广泛采用带来了后门攻击安全威胁的加剧。现有研究主要关注图像分类中的后门攻击，而对其在目标检测领域的影响探索有限。本文首次提出针对SSL场景下目标检测任务的后门攻击方法，即目标变换攻击（SSL-OTA）。SSL-OTA采用能够将目标对象预测结果篡改为指定类别的触发器，具体包含两种攻击方式：数据投毒攻击（NA）和双源融合攻击（DSBA）。NA在目标检测器的下游微调阶段实施数据投毒，而DSBA则额外向预训练编码器注入后门。我们建立了合适的评估指标，并在基准数据集上进行了广泛实验，证明了所提攻击的有效性与实用性。值得注意的是，NA和DSBA在极低投毒率（0.5%）下均实现了高攻击成功率（ASR）。这些结果凸显了在基于SSL的目标检测中考虑后门威胁的重要性，并为该领域提供了全新视角。