In recent years, person Re-identification (ReID) has rapidly progressed with wide real-world applications, but also poses significant risks of adversarial attacks. In this paper, we focus on the backdoor attack on deep ReID models. Existing backdoor attack methods follow an all-to-one or all-to-all attack scenario, where all the target classes in the test set have already been seen in the training set. However, ReID is a much more complex fine-grained open-set recognition problem, where the identities in the test set are not contained in the training set. Thus, previous backdoor attack methods for classification are not applicable for ReID. To ameliorate this issue, we propose a novel backdoor attack on deep ReID under a new all-to-unknown scenario, called Dynamic Triggers Invisible Backdoor Attack (DT-IBA). Instead of learning fixed triggers for the target classes from the training set, DT-IBA can dynamically generate new triggers for any unknown identities. Specifically, an identity hashing network is proposed to first extract target identity information from a reference image, which is then injected into the benign images by image steganography. We extensively validate the effectiveness and stealthiness of the proposed attack on benchmark datasets, and evaluate the effectiveness of several defense methods against our attack.

翻译：近年来，行人重识别（ReID）在实际应用中发展迅速，但同时也带来了显著的对抗攻击风险。本文聚焦于深度ReID模型的后门攻击。现有后门攻击方法遵循"全对一"或"全对全"攻击场景，即测试集中的所有目标类别在训练集中均已出现。然而，ReID是更为复杂的细粒度开集识别问题，测试集中的身份并不包含在训练集中。因此，以往针对分类任务的后门攻击方法不适用于ReID。为解决该问题，我们提出一种针对深度ReID的全新后门攻击方法——动态触发器隐形后门攻击（DT-IBA），其适用于"全对未知"攻击场景。与从训练集中学习针对目标类别的固定触发器不同，DT-IBA可动态生成针对任意未知身份的新触发器。具体而言，我们提出一种身份哈希网络，首先从参考图像中提取目标身份信息，再通过图像隐写术将其注入良性图像。我们广泛验证了所提攻击在基准数据集上的有效性和隐蔽性，并评估了多种防御方法对此攻击的抵抗效果。