Deep neural networks (DNNs) have shown unprecedented success in object detection tasks. However, it was also discovered that DNNs are vulnerable to multiple kinds of attacks, including Backdoor Attacks. Through the attack, the attacker manages to embed a hidden backdoor into the DNN such that the model behaves normally on benign data samples, but makes attacker-specified judgments given the occurrence of a predefined trigger. Although numerous backdoor attacks have been experimented on image classification, backdoor attacks on object detection tasks have not been properly investigated and explored. As object detection has been adopted as an important module in multiple security-sensitive applications such as autonomous driving, backdoor attacks on object detection could pose even more severe threats. Inspired by the inherent property of deep learning-based object detectors, we propose a simple yet effective backdoor attack method against object detection without modifying the ground truth annotations, specifically focusing on the object disappearance attack and object generation attack. Extensive experiments and ablation studies prove the effectiveness of our attack on two benchmark object detection datasets, PASCAL VOC07+12 and MSCOCO, on which we achieve an attack success rate of more than 92% with a poison rate of only 5%.

翻译：深度神经网络（DNN）在目标检测任务中取得了前所未有的成功。然而，研究也发现DNN易受多种攻击，包括后门攻击。通过此类攻击，攻击者能够将隐藏后门嵌入DNN，使模型在处理良性数据样本时表现正常，但在遇到预设触发器时做出攻击者指定的判断。尽管图像分类领域已有大量关于后门攻击的实验，但针对目标检测任务的后门攻击尚未得到充分研究与探索。由于目标检测已成为自动驾驶等多个安全敏感应用中的重要模块，针对目标检测的后门攻击可能带来更严重的威胁。受基于深度学习的目标检测器固有特性的启发，我们提出一种简洁而有效的后门攻击方法，无需修改真实标注（ground truth annotations），专门聚焦于目标消失攻击与目标生成攻击。大量实验和消融研究证明了该方法在PASCAL VOC07+12和MSCOCO两个基准目标检测数据集上的有效性——在仅5%的投毒率下，攻击成功率超过92%。