This GitHub repository contains an updated list of Federated Learning papers as of March 24, 2025.
- The resources are collected from various sources, including arXiv, NeurIPS, ICML, ICLR, ACL, EMNLP, AAAI, IJCAI, KDD, CVPR, ICCV, ECCV, NIPS, IEEE, ACM, Springer, ScienceDirect, Wiley, Nature, Science, and other top AI/ML conferences and journals.
- For a better reading experience, visit the Shinyapps website.
Explore additional research papers on the following topics:
- For Large Language Models papers, please visit the LLM Repository.
- For Backdoor Learning papers, please visit the Backdoor Learning Repository.
- For Federated Learning papers, please visit the Federated Learning Repository.
- For Machine Unlearning papers, please visit the Machine Unlearning Repository.
For contributions, inquiries, or suggestions, feel free to reach out via email.
If you find this application helpful and would like to support its development, you can buy me a coffee using one of the following methods:
- Techcombank (Vietnam): 5877 5555 55 (Nguyen Thi Lan Phuong)
- PayPal or Credit/Debit Card: https://ko-fi.com/miutheladycat
Due to GitHub repository limitations, this section includes only those papers that provide accompanying code, sorted by publish date. For access to the full list of papers, please visit the Shinyapps website.
| No. | Title | Authors | Publish Date | Venue | Code | URL |
|---|---|---|---|---|---|---|
| 1 | Detecting Backdoor Attacks in Federated Learning via Direction Alignment Inspection | Jiahao Xu, Zikai Zhang, Rui Hu | 2025-03-13 | arXiv:2503.07978, 2025 | https://github.com/JiiahaoXU/AlignIns | http://arxiv.org/abs/2503.07978v1 |
| 2 | CBW: Towards Dataset Ownership Verification for Speaker Verification via Clustering-based Backdoor Watermarking | Yiming Li, Kaiying Yan, Shuo Shao, Tongqing Zhai, Shu-Tao Xia, Zhan Qin, Dacheng Tao | 2025-03-02 | arXiv …, 2025 | https://github.com/Radiant0726/CBW | http://arxiv.org/abs/2503.05794v2 |
| 3 | Gungnir: Exploiting Stylistic Features in Images for Backdoor Attacks on Diffusion Models | Yu Pan, Bingrong Dai, Jiahao Chen, Lin Wang, Yi Du, Jiao Liu | 2025-03-01 | arXiv | https://github.com/paoche11/Gungnir | https://doi.org/10.48550/arXiv.2502.20650 |
| 4 | BadRefSR: Backdoor Attacks Against Reference-based Image Super Resolution | Xue Yang, Tao Chen, Lei Guo, Wenbo Jiang, Ji Guo, Yongming Li, Jiaming He | 2025-03-01 | arXiv …, 2025 | https://github.com/xuefusiji/BadRefSR | http://arxiv.org/abs/2502.20943v1 |
| 5 | Char-mander Use mBackdoor! A Study of Cross-lingual Backdoor Attacks in Multilingual LLMs | Himanshu Beniwal, Sailesh Panda, Mayank Singh | 2025-02-25 | arXiv | https://github.com/himanshubeniwal/X-BAT | https://doi.org/10.48550/arXiv.2502.16901 |
| 6 | REFINE: Inversion-Free Backdoor Defense via Model Reprogramming | Yukun Chen, Shuo Shao, Enhao Huang, Yiming Li, Pin-Yu Chen, Zhan Qin, Kui Ren | 2025-02-22 | arXiv | https://github.com/THUYimingLi/BackdoorBox | http://arxiv.org/abs/2502.18508v1 |
| 7 | DemonAgent: Dynamically Encrypted Multi-Backdoor Implantation Attack on LLM-based Agent | Pengyu Zhu, Zhenhong Zhou, Yuanhe Zhang, Shilinlu Yan, Kun Wang, Sen Su | 2025-02-20 | arXiv | https://github.com/whfeLingYu/DemonAgent | https://doi.org/10.48550/arXiv.2502.12575 |
| 8 | BackdoorDM: A Comprehensive Benchmark for Backdoor Learning in Diffusion Model | Weilin Lin, Nanjun Zhou, Yanyun Wang, Jianze Li, Hui Xiong, Li Liu | 2025-02-19 | arXiv …, 2025 | https://github.com/linweiii/BackdoorDM | http://arxiv.org/abs/2502.11798v1 |
| 9 | BoT: Breaking Long Thought Processes of o1-like Large Language Models through Backdoor Attack | Zihao Zhu, Hongbao Zhang, Mingda Zhang, Ruotong Wang, Guanzong Wu, Ke Xu, Baoyuan Wu | 2025-02-17 | arXiv | https://github.com/zihao-ai/BoT | https://doi.org/10.48550/arXiv.2502.12202 |
| 10 | Revisiting the Auxiliary Data in Backdoor Purification | Shaokui Wei, Shanchao Yang, Jiayin Liu, Hongyuan Zha | 2025-02-13 | arXiv:2502.07231, 2025 | https://github.com/shawkui/BackdoorBenchER | http://arxiv.org/abs/2502.07231v1 |
| 11 | Detecting Backdoor Samples in Contrastive Language Image Pretraining | Hanxun Huang, Sarah Erfani, Yige Li, Xingjun Ma, James Bailey | 2025-02-05 | arXiv:2502.01385, 2025 | https://github.com/HanxunH/Detect-CLIP-Backdoor-Samples | http://arxiv.org/abs/2502.01385v1 |
| 12 | Model Supply Chain Poisoning: Backdooring Pre-trained Models via Embedding Indistinguishability | Hao Wang, Shangwei Guo, Jialing He, Hangcheng Liu, Tianwei Zhang, Tao Xiang | 2025-01-30 | THE WEB CONFERENCE … | https://github.com/haowang-cqu/TransTroj | http://arxiv.org/abs/2401.15883v2 |
| 13 | UNIDOOR: A Universal Framework for Action-Level Backdoor Attacks in Deep Reinforcement Learning | Oubo Ma, Linkang Du, Yang Dai, Chunyi Zhou, Qingming Li, Yuwen Pu, Shouling Ji | 2025-01-27 | arXiv | https://github.com/maoubo/UNIDOOR | https://doi.org/10.48550/arXiv.2501.15529 |
| 14 | Exploring Backdoor Vulnerabilities of Chat Models | Yunzhuo Hao, Wenkai Yang, Yankai Lin | 2025-01-21 | … of the 31st International Conference on …, 2025 | https://github.com/hychaochao/Chat-Models-Backdoor-Attacking | http://arxiv.org/abs/2404.02406v1 |
| 15 | Energy Backdoor Attack to Deep Neural Networks | Hanene F. Z. Brachemi Meftah, Wassim Hamidouche, Sid Ahmed Fezza, Olivier Déforges, Kassem Kallas | 2025-01-17 | arXiv | https://github.com/hbrachemi/energy_backdoor | https://doi.org/10.48550/arXiv.2501.08152 |
| 16 | Backdoor Token Unlearning: Exposing and Defending Backdoors in Pretrained Language Models | Peihai Jiang, Xixiang Lyu, Yige Li, Jing Ma | 2025-01-06 | arXiv:2501.03272, 2025 | https://github.com/XDJPH/BTU | http://arxiv.org/abs/2501.03272v1 |
| 17 | Vertical Federated Unlearning via Backdoor Certification | Mengde Han, Tianqing Zhu, Lefeng Zhang, Huan Huo, Wanlei Zhou | 2024-12-16 | arXiv | https://github.com/mengde-han/VFL-unlearn | http://arxiv.org/abs/2412.11476v1 |
| 18 | Backdoor Attacks against No-Reference Image Quality Assessment Models via A Scalable Trigger | Yi Yu, Song Xia, Xun Lin, Wenhan Yang, Shijian Lu, Yap-peng Tan, Alex Kot | 2024-12-12 | arXiv …, 2024 | https://github.com/yuyi-sd/BAIQA | http://arxiv.org/abs/2412.07277v1 |
| 19 | PBP: Post-training Backdoor Purification for Malware Classifiers | Dung Thuy Nguyen, Ngoc N. Tran, Taylor T. Johnson, Kevin Leach | 2024-12-06 | arXiv …, 2024 | https://github.com/judydnguyen/pbp-backdoor-purification-official | http://arxiv.org/abs/2412.03441v3 |
| 20 | Gracefully Filtering Backdoor Samples for Generative Large Language Models without Retraining | Zongru Wu, Pengzhou Cheng, Lingyong Fang, Zhuosheng Zhang, Gongshen Liu | 2024-12-05 | arXiv:2412.02454, 2024 | https://github.com/ZrW00/GraceFul | http://arxiv.org/abs/2412.02454v1 |
| 21 | Perturb and Recover: Fine-tuning for Effective Backdoor Removal from CLIP | Naman Deep Singh, Francesco Croce, Matthias Hein | 2024-12-02 | arXiv:2412.00727, 2024 | https://github.com/nmndeep/PerturbAndRecover | http://arxiv.org/abs/2412.00727v2 |
| 22 | BAN: Detecting Backdoors Activated by Adversarial Neuron Noise | Xiaoyun Xu, Zhuoran Liu, Stefanos Koffas, Shujian Yu, Stjepan Picek | 2024-11-07 | The Thirty-eighth Annual Conference … | https://github.com/xiaoyunxxy/ban | http://arxiv.org/abs/2405.19928v2 |
| 23 | Identify Backdoored Model in Federated Learning via Individual Unlearning | Jiahao Xu, Zikai Zhang, Rui Hu | 2024-11-02 | arXiv:2411.01040, 2024 | https://github.com/JiiahaoXU/MASA | http://arxiv.org/abs/2411.01040v1 |
| 24 | Expose Before You Defend: Unifying and Enhancing Backdoor Defenses via Exposed Models | Yige Li, Hanxun Huang, Jiaming Zhang, Xingjun Ma, Yu-Gang Jiang | 2024-10-26 | arXiv:2410.19427, 2024 | https://github.com/bboylyg/Expose-Before-You-Defend | http://arxiv.org/abs/2410.19427v1 |
| 25 | Adversarially Guided Stateful Defense Against Backdoor Attacks in Federated Deep Learning | Hassan Ali, Surya Nepal, Salil S. Kanhere, Sanjay K. Jha | 2024-10-16 | arXiv | https://github.com/hassanalikhatim/AGSD | https://doi.org/10.48550/arXiv.2410.11205 |
| 26 | Agent Security Bench (ASB): Formalizing and Benchmarking Attacks and Defenses in LLM-based Agents | Hanrong Zhang, Jingyuan Huang, Kai Mei, Yifei Yao, Zhenting Wang, Chenlu Zhan, Hongwei Wang, Yongfeng Zhang | 2024-10-04 | arXiv …, 2024 | https://github.com/agiresearch/ASB | http://arxiv.org/abs/2410.02644v1 |
| 27 | BACKTIME: Backdoor Attacks on Multivariate Time Series Forecasting | Xiao Lin, Zhining Liu, Dongqi Fu, Ruizhong Qiu, Hanghang Tong | 2024-10-03 | arXiv | https://github.com/xiaolin-cs/BackTime | https://doi.org/10.48550/arXiv.2410.02195 |
| 28 | BadCM: Invisible Backdoor Attack Against Cross-Modal Learning | Zheng Zhang, Xu Yuan, Lei Zhu, Jingkuan Song, Liqiang Nie | 2024-10-03 | IEEE Transactions on Image Processing | https://github.com/xandery-geek/BadCM | https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=10478868 |
| 29 | Claim-Guided Textual Backdoor Attack for Practical Applications | Minkyoo Song, Hanna Kim, Jaehan Kim, Youngjin Jin, Seungwon Shin | 2024-09-27 | arXiv | https://github.com/PaperCGBA/CGBA | https://doi.org/10.48550/arXiv.2409.16618 |
| 30 | Obliviate: Neutralizing Task-agnostic Backdoors within the Parameter-efficient Fine-tuning Paradigm | Jaehan Kim, Minkyoo Song, Seung Ho Na, Seungwon Shin | 2024-09-22 | arXiv:2409.14119, 2024 | https://github.com/obliviateARR/Obliviate | http://arxiv.org/abs/2409.14119v3 |
| 31 | TERD: A Unified Framework for Safeguarding Diffusion Models Against Backdoors | Yichuan Mo, Hui Huang, Mingjie Li, Ang Li, Yisen Wang | 2024-09-09 | International Conference on Machine Learning 2024 | https://github.com/PKU-ML/TERD | http://arxiv.org/abs/2409.05294v1 |
| 32 | Exploiting the Vulnerability of Large Language Models via Defense-Aware Architectural Backdoor | Abdullah Arafat Miah, Yu Bi | 2024-09-03 | arXiv | https://github.com/SiSL-URI/Arch_Backdoor_LLM | http://arxiv.org/abs/2409.01952v2 |
| 33 | NoiseAttack: An Evasive Sample-Specific Multi-Targeted Backdoor Attack Through White Gaussian Noise | Abdullah Arafat Miah, Kaan Icer, Resit Sendag, Yu Bi | 2024-09-03 | arXiv | https://github.com/SiSL-URI/NoiseAttack/tree/main | https://doi.org/10.48550/arXiv.2409.02251 |
| 34 | Defending Text-to-image Diffusion Models: Surprising Efficacy of Textual Perturbations Against Backdoor Attacks | Oscar Chew, Po-Yi Lu, Jayden Lin, Hsuan-Tien Lin | 2024-08-28 | arXiv | https://github.com/oscarchew/t2i-backdoor-defense | https://doi.org/10.48550/arXiv.2408.15721 |
| 35 | VFLIP: A Backdoor Defense for Vertical Federated Learning via Identification and Purification | Yungi Cho, Woorim Han, Miseon Yu, Younghan Lee, Ho Bae, Yunheung Paek | 2024-08-28 | arXiv | https://github.com/blingcho/VFLIP-esorics24 | http://arxiv.org/abs/2408.15591v2 |
| 36 | BackdoorLLM: A Comprehensive Benchmark for Backdoor Attacks on Large Language Models | Yige Li, Hanxun Huang, Yunhan Zhao, Xingjun Ma, Jun Sun | 2024-08-23 | arXiv | https://github.com/bboylyg/BackdoorLLM | https://doi.org/10.48550/arXiv.2408.12798 |
| 37 | On the Credibility of Backdoor Attacks Against Object Detectors in the Physical World | Bao Gia Doan, Dang Quang Nguyen, Callum Lindquist, Paul Montague, Tamas Abraham, Olivier De Vel, Seyit Camtepe, Salil S. Kanhere, Ehsan Abbasnejad, Damith C. Ranasinghe | 2024-08-22 | arXiv | https://backdoordetectors.github.io/ | https://doi.org/10.48550/arXiv.2408.12122 |
| 38 | Towards Physical World Backdoor Attacks against Skeleton Action Recognition | Qichen Zheng, Yi Yu, Siyuan Yang, Jun Liu, Kwok-Yan Lam, Alex ChiChung Kot | 2024-08-16 | arXiv | https://qichenzheng.github.io/psba-website | https://doi.org/10.48550/arXiv.2408.08671 |
| 39 | BAPLe: Backdoor Attacks on Medical Foundational Models Using Prompt Learning | Asif Hanif, Fahad Shamshad, Muhammad Awais, Muzammal Naseer, Fahad Shahbaz Khan, Karthik Nandakumar, Salman H. Khan, Rao Muhammad Anwer | 2024-08-14 | MICCAI | https://asif-hanif.github.io/baple/ | https://doi.org/10.1007/978-3-031-72390-2_42 |
| 40 | Diff-Cleanse: Identifying and Mitigating Backdoor Attacks in Diffusion Models | Jiang Hao, Xiao Jin, Hu Xiaoguang, Chen Tianyou, Zhao Jiajia | 2024-07-31 | arXiv | https://github.com/shymuel/diff-cleanse | https://doi.org/10.48550/arXiv.2407.21316 |
| 41 | BackdoorBench: A Comprehensive Benchmark and Analysis of Backdoor Learning | Baoyuan Wu, Hongrui Chen, Mingda Zhang, Zihao Zhu, Shaokui Wei, Danni Yuan, Mingli Zhu, Ruotong Wang, Li Liu, Chao Shen | 2024-07-29 | NeurIPS 2022 Datasets and Benchmarks | https://backdoorbench.github.io | http://arxiv.org/abs/2407.19845v1 |
| 42 | Towards Clean-Label Backdoor Attacks in the Physical World | Thinh Dao, Cuong Chi Le, Khoa D. Doan, Kok-Seng Wong | 2024-07-27 | arXiv | https://github.com/21thinh/Clean-Label-Physical-Backdoor-Attacks | https://doi.org/10.48550/arXiv.2407.19203 |
| 43 | Flatness-aware Sequential Learning Generates Resilient Backdoors | Hoang Pham, The-Anh Ta, Anh Tran, Khoa D. Doan | 2024-07-20 | arXiv | https://github.com/mail-research/SBL-resilient-backdoors | http://arxiv.org/abs/2407.14738v1 |
| 44 | IPA-NeRF: Illusory Poisoning Attack Against Neural Radiance Fields | Wenxiang Jiang, Hanwei Zhang, Shuo Zhao, Zhongwen Guo, Hao Wang | 2024-07-16 | arXiv | https://github.com/jiang-wenxiang/IPA-NeRF | http://arxiv.org/abs/2407.11921v2 |
| 45 | UNIT: Backdoor Mitigation via Automated Neural Distribution Tightening | Siyuan Cheng, Guangyu Shen, Kaiyuan Zhang, Guanhong Tao, Shengwei An, Hanxi Guo, Shiqing Ma, Xiangyu Zhang | 2024-07-16 | arXiv | https://github.com/Megum1/UNIT | http://arxiv.org/abs/2407.11372v1 |
| 46 | Defending Against Repetitive-based Backdoor Attacks on Semi-supervised Learning through Lens of Rate-Distortion-Perception Trade-off | Cheng-Yi Lee, Ching-Chia Kao, Cheng-Han Yeh, Chun-Shien Lu, Chia-Mu Yu, Chu-Song Chen | 2024-07-14 | arXiv | https://github.com/chengyi-chris/UPure | https://doi.org/10.48550/arXiv.2407.10180 |
| 47 | Distributed Backdoor Attacks on Federated Graph Learning and Certified Defenses | Yuxin Yang, Qiang Li, Jinyuan Jia, Yuan Hong, Binghui Wang | 2024-07-12 | CCS | https://github.com/Yuxin104/Opt-GDBA | https://doi.org/10.1145/3658644.3690187 |
| 48 | Event Trojan: Asynchronous Event-Based Backdoor Attacks | Ruofei Wang, Qing Guo, Haoliang Li, Renjie Wan | 2024-07-09 | ECCV | https://github.com/rfww/EventTrojan | https://doi.org/10.1007/978-3-031-72667-5_18 |
| 49 | T2IShield: Defending Against Backdoors on Text-to-Image Diffusion Models | Zhongqi Wang, Jie Zhang, Shiguang Shan, Xilin Chen | 2024-07-05 | arXiv | https://github.com/Robin-WZQ/T2IShield | http://arxiv.org/abs/2407.04215v2 |
| 50 | Venomancer: Towards Imperceptible and Target-on-Demand Backdoor Attacks in Federated Learning | Son Nguyen, Thinh Nguyen, Khoa D. Doan, Kok-Seng Wong | 2024-07-03 | arXiv | https://github.com/nguyenhongson1902/Venomancer | https://doi.org/10.48550/arXiv.2407.03144 |
| 51 | A Whole-Process Certifiably Robust Aggregation Method Against Backdoor Attacks in Federated Learning | Anqi Zhou, Yezheng Liu, Yidong Chai, Hongyi Zhu, Xinyue Ge, Yuanchun Jiang, Meng Wang | 2024-06-30 | arXiv | https://github.com/brick-brick/WPCRAM | https://doi.org/10.48550/arXiv.2407.00719 |
| 52 | Backdooring Bias into Text-to-Image Models | Ali Naseh, Jaechul Roh, Eugene Bagdasaryan, Amir Houmansadr | 2024-06-21 | arXiv | https://github.com/jrohsc/Backdororing_Bias | http://arxiv.org/abs/2406.15213v2 |
| 53 | BadAgent: Inserting and Activating Backdoor Attacks in LLM Agents | Yifei Wang, Dizhan Xue, Shengjie Zhang, Shengsheng Qian | 2024-06-05 | ACL | https://github.com/DPamK/BadAgent | https://doi.org/10.18653/v1/2024.acl-long.530 |
| 54 | Invisible Backdoor Attacks on Diffusion Models | Sen Li, Junchi Ma, Minhao Cheng | 2024-06-02 | arXiv | https://github.com/invisibleTriggerDiffusion/invisible_triggers_for_diffusion | https://doi.org/10.48550/arXiv.2406.00816 |
| 55 | Mitigating Backdoor Attack by Injecting Proactive Defensive Backdoor | Shaokui Wei, Hongyuan Zha, Baoyuan Wu | 2024-05-25 | arXiv | https://github.com/shawkui/Proactive_Defensive_Backdoor | https://doi.org/10.48550/arXiv.2405.16112 |
| 56 | Towards Imperceptible Backdoor Attack in Self-supervised Learning | Hanrong Zhang, Zhenting Wang, Tingxu Han, Mingyu Jin, Chenlu Zhan, Mengnan Du, Hongwei Wang, Shiqing Ma | 2024-05-23 | arXiv | https://github.com/Zhang-Henry/IMPERATIVE | https://doi.org/10.48550/arXiv.2405.14672 |
| 57 | EmInspector: Combating Backdoor Attacks in Federated Self-Supervised Learning Through Embedding Inspection | Yuwen Qian, Shuchi Wu, Kang Wei, Ming Ding, Di Xiao, Tao Xiang, Chuan Ma, Song Guo | 2024-05-21 | arXiv | https://github.com/ShuchiWu/EmInspector | https://doi.org/10.48550/arXiv.2405.13080 |
| 58 | Nearest is Not Dearest: Towards Practical Defense Against Quantization-Conditioned Backdoor Attacks | Boheng Li, Yishuo Cai, Haowei Li, Feng Xue, Zhifeng Li, Yiming Li | 2024-05-21 | 2024 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR) | https://github.com/AntigoneRandy/QuantBackdoor_EFRAP | https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=10654821 |
| 59 | Not All Prompts Are Secure: A Switchable Backdoor Attack Against Pre-trained Vision Transfomers | Sheng Yang, Jiawang Bai, Kuofeng Gao, Yong Yang, Yiming Li, Shu-Tao Xia | 2024-05-17 | 2024 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR) | https://github.com/20000yshust/SWARM | https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=10657336 |
| 60 | IBD-PSC: Input-level Backdoor Detection via Parameter-oriented Scaling Consistency | Linshan Hou, Ruili Feng, Zhongyun Hua, Wei Luo, Leo Yu Zhang, Yiming Li | 2024-05-16 | arXiv | https://github.com/THUYimingLi/BackdoorBox | http://arxiv.org/abs/2405.09786v3 |
| 61 | Beyond Traditional Threats: A Persistent Backdoor Attack on Federated Learning | Tao Liu, Yuhang Zhang, Zhu Feng, Zhiqin Yang, Chen Xu, Dapeng Man, Wu Yang | 2024-04-26 | AAAI | https://github.com/PhD-TaoLiu/FCBA | https://doi.org/10.1609/aaai.v38i19.30131 |
| 62 | Backdoor Contrastive Learning via Bi-level Trigger Optimization | Weiyu Sun, Xinyu Zhang, Hao Lu, Yingcong Chen, Ting Wang, Jinghui Chen, Lu Lin | 2024-04-11 | arXiv | https://github.com/SWY666/SSL-backdoor-BLTO | http://arxiv.org/abs/2404.07863v1 |
| 63 | How to Craft Backdoors with Unlabeled Data Alone? | Yifei Wang, Wenhan Ma, Stefanie Jegelka, Yisen Wang | 2024-04-10 | arXiv | https://github.com/PKU-ML/nlb | http://arxiv.org/abs/2404.06694v2 |
| 64 | UFID: A Unified Framework for Input-level Backdoor Detection on Diffusion Models | Zihan Guan, Mengxuan Hu, Sheng Li, Anil Vullikanti | 2024-04-01 | arXiv | https://github.com/GuanZihan/official_UFID | http://arxiv.org/abs/2404.01101v1 |
| 65 | Privacy Backdoors: Stealing Data with Corrupted Pretrained Models | Shanglun Feng, Florian Tramèr | 2024-03-30 | arXiv | https://github.com/ShanglunFengatETHZ/PrivacyBackdoor | http://arxiv.org/abs/2404.00473v1 |
| 66 | Generating Potent Poisons and Backdoors from Scratch with Guided Diffusion | Hossein Souri, Arpit Bansal, Hamid Kazemi, Liam Fowl, Aniruddha Saha, Jonas Geiping, Andrew Gordon Wilson, Rama Chellappa, Tom Goldstein, Micah Goldblum | 2024-03-25 | arXiv | https://github.com/hsouri/GDP | http://arxiv.org/abs/2403.16365v1 |
| 67 | Lotus: Evasive and Resilient Backdoor Attacks through Sub-Partitioning | Siyuan Cheng, Guanhong Tao, Yingqi Liu, Guangyu Shen, Shengwei An, Shiwei Feng, Xiangzhe Xu, Kaiyuan Zhang, Shiqing Ma, Xiangyu Zhang | 2024-03-25 | 2024 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR) | https://github.com/Megum1/LOTUS | https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=10657315 |
| 68 | Mask-Based Invisible Backdoor Attacks on Object Detection | Jeongjin Shin | 2024-03-20 | 2024 IEEE International Conference on Image Processing (ICIP) | https://github.com/jeongjin0/invisible-backdoor-object-detection | https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=10647450 |
| 69 | Backdoor Secrets Unveiled: Identifying Backdoor Data with Optimized Scaled Prediction Consistency | Soumyadeep Pal, Yuguang Yao, Ren Wang, Bingquan Shen, Sijia Liu | 2024-03-15 | arXiv | https://github.com/OPTML-Group/BackdoorMSPC | http://arxiv.org/abs/2403.10717v1 |
| 70 | Acquiring Clean Language Models from Backdoor Poisoned Datasets by Downscaling Frequency Space | Zongru Wu, Zhuosheng Zhang, Pengzhou Cheng, Gongshen Liu | 2024-02-19 | OpenReview | https://github.com/ZrW00/MuScleLoRA | http://arxiv.org/abs/2402.12026v3 |
| 71 | Poisoned Forgery Face: Towards Backdoor Attacks on Face Forgery Detection | Jiawei Liang, Siyuan Liang, Aishan Liu, Xiaojun Jia, Junhao Kuang, Xiaochun Cao | 2024-02-18 | ICLR | https://github.com/JWLiang007/PFF | https://openreview.net/forum?id=8iTpB4RNvP |
| 72 | Watch Out for Your Agents! Investigating Backdoor Threats to LLM-Based Agents | Wenkai Yang, Xiaohan Bi, Yankai Lin, Sishuo Chen, Jie Zhou, Xu Sun | 2024-02-17 | arXiv | https://github.com/lancopku/agent-backdoor-attacks | http://arxiv.org/abs/2402.11208v2 |
| 73 | Test-Time Backdoor Attacks on Multimodal Large Language Models | Dong Lu, Tianyu Pang, Chao Du, Qian Liu, Xianjun Yang, Min Lin | 2024-02-13 | arXiv | https://sail-sg.github.io/AnyDoor/ | https://doi.org/10.48550/arXiv.2402.08577 |
| 74 | OrderBkd: Textual Backdoor Attack Through Repositioning | Irina Alekseevskaia, Konstantin Arkhipenko | 2024-02-12 | 2023 Ivannikov Ispras Open Conference (ISPRAS) | https://github.com/alekseevskaia/OrderBkd | https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=10508175 |
| 75 | Shortcuts Everywhere and Nowhere: Exploring Multi-Trigger Backdoor Attacks | Yige Li, Jiabo He, Hanxun Huang, Jun Sun, Xingjun Ma, Yu-Gang Jiang | 2024-01-27 | arXiv | https://github.com/bboylyg/Multi-Trigger-Backdoor-Attacks | http://arxiv.org/abs/2401.15295v3 |
| 76 | Toward Stealthy Backdoor Attacks Against Speech Recognition via Elements of Sound | Hanbo Cai, Pengcheng Zhang, Hai Dong, Yan Xiao, Stefanos Koffas, Yiming Li | 2024 | IEEE Transactions on Information Forensics and Security | https://github.com/HanboCai/BadSpeech_SoE | https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=10538215 |
| 77 | TextGuard: Provable Defense against Backdoor Attacks on Text Classification | Hengzhi Pei, Jinyuan Jia, Wenbo Guo, Bo Li, Dawn Song | 2024 | NDSS | https://github.com/AI-secure/TextGuard | https://www.ndss-symposium.org/ndss-paper/textguard-provable-defense-against-backdoor-attacks-on-text-classification/ |
| 78 | FLTracer: Accurate Poisoning Attack Provenance in Federated Learning | Xinyu Zhang, Qingyu Liu, Zhongjie Ba, Yuan Hong, Tianhang Zheng, Feng Lin, Li Lu, Kui Ren | 2024 | IEEE Transactions on Information Forensics and Security | https://github.com/Eyr3/FLTracer | https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=10549523 |
| 79 | Resisting Backdoor Attacks in Federated Learning via Bidirectional Elections and Individual Perspective | Zhen Qin, Feiyi Chen, Chen Zhi, Xueqiang Yan, Shuiguang Deng | 2024 | AAAI | https://github.com/zhenqincn/Snowball | https://doi.org/10.1609/aaai.v38i13.29385 |
| 80 | PoisonPrompt: Backdoor Attack on Prompt-Based Large Language Models | Hongwei Yao, Jian Lou, Zhan Qin | 2024 | ICASSP 2024 - 2024 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP) | https://github.com/grasses/PoisonPrompt | https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=10446267 |
| 81 | OCGEC: One-class Graph Embedding Classification for DNN Backdoor Detection | Haoyu Jiang, Haiyang Yu, Nan Li, Ping Yi | 2024 | 2024 International Joint Conference on Neural Networks (IJCNN) | https://github.com/jhy549/OCGEC | https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=10650468 |
| 82 | Motif-Backdoor: Rethinking the Backdoor Attack on Graph Neural Networks via Motifs | Haibin Zheng, Haiyang Xiong, Jinyin Chen, Haonan Ma, Guohan Huang | 2024 | IEEE Transactions on Computational Social Systems | https://github.com/Seaocn/Motif-Backdoor | https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=10108961 |
| 83 | Link-Backdoor: Backdoor Attack on Link Prediction via Node Injection | Haibin Zheng, Haiyang Xiong, Haonan Ma, Guohan Huang, Jinyin Chen | 2024 | IEEE Transactions on Computational Social Systems | https://github.com/Seaocn/Link-Backdoor | https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=10087329 |
| 84 | Imperceptible and Robust Backdoor Attack in 3D Point Cloud | Kuofeng Gao, Jiawang Bai, Baoyuan Wu, Mengxi Ya, Shu-Tao Xia | 2024 | IEEE Transactions on Information Forensics and Security | https://github.com/KuofengGao/IRBA | https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=10319836 |
| 85 | FlowMur: A Stealthy and Practical Audio Backdoor Attack with Limited Knowledge | Jiahe Lan, Jie Wang, Baochen Yan, Zheng Yan, Elisa Bertino | 2024 | 2024 IEEE Symposium on Security and Privacy (SP) | https://github.com/cristinalan/FlowMur | https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=10646645 |
| 86 | Backdoor Attack With Sparse and Invisible Trigger | Yinghua Gao, Yiming Li, Xueluan Gong, Zhifeng Li, Shu-Tao Xia, Qian Wang | 2024 | IEEE Transactions on Information Forensics and Security | https://github.com/YinghuaGao/SIBA | https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=10552303 |
| 87 | Efficient Backdoor Attacks for Deep Neural Networks in Real-world Scenarios | Hong Sun, Ziqiang Li, Pengfei Xia, Heng Li, Beihao Xia, Yi Wu, Bin Li | 2024 | arXiv | https://github.com/sunh1113/Efficient-backdoor-attacks-for-deep-neural-networks-in-real-world-scenarios | https://doi.org/10.48550/arXiv.2306.08386 |
| 88 | Defending Against Data and Model Backdoor Attacks in Federated Learning | H. Wang, X. Mu, D. Wang, Q. Xu, K. Li | 2024 | IEEE Internet of Things Journal | https://github.com/whwh456/TSF | https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=10559965 |
| 89 | Defending Against Backdoor Attacks by Quarantine Training | Chengxu Yu, Yulai Zhang | 2024 | IEEE Access | https://github.com/Chengx-Yu/Quarantine-Training | https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=10400485 |
| 90 | BadCLIP: Trigger-Aware Prompt Learning for Backdoor Attacks on CLIP | Jiawang Bai, Kuofeng Gao, Shaobo Min, Shu-Tao Xia, Zhifeng Li, Wei Liu | 2024 | 2024 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR) | https://github.com/jiawangbai/BadCLIP | https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=10655223 |
| 91 | BadCLIP: Dual-Embedding Guided Backdoor Attack on Multimodal Contrastive Learning | Siyuan Liang, Mingli Zhu, Aishan Liu, Baoyuan Wu, Xiaochun Cao, Ee-Chien Chang | 2024 | 2024 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR) | https://github.com/LiangSiyuan21/BadCLIP | https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=10658003 |
| 92 | Backdooring Multimodal Learning | X. Han, Y. Wu, Q. Zhang, Y. Zhou, Y. Xu, H. Qiu, G. Xu, T. Zhang | 2024 | 2024 IEEE Symposium on Security and Privacy (SP) | https://github.com/multimodalbags/BAGS_Multimodal | https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=10646608 |
| 93 | Backdoor Learning: A Survey | Yiming Li, Yong Jiang, Zhifeng Li, Shu-Tao Xia | 2024 | IEEE Transactions on Neural Networks and Learning Systems | https://github.com/THUYimingLi/backdoor-learning-resources | https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=9802938 |
| 94 | BAGM: A Backdoor Attack for Manipulating Text-to-Image Generative Models | Jordan Vice, Naveed Akhtar, Richard I. Hartley, Ajmal Mian | 2024 | IEEE Transactions on Information Forensics and Security | https://github.com/JJ-Vice/BAGM | https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=10494544 |
| 95 | A Closer Look at Robustness of Vision Transformers to Backdoor Attacks | Akshayvarun Subramanya, Soroush Abbasi Koohpayegani, Aniruddha Saha, Ajinkya Tejankar, Hamed Pirsiavash | 2024 | 2024 IEEE/CVF Winter Conference on Applications of Computer Vision (WACV) | https://github.com/UCDvision/backdoor_transformer | https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=10483723 |
| 96 | UltraClean: A Simple Framework to Train Robust Neural Networks against Backdoor Attacks | Bingyin Zhao, Yingjie Lao | 2023-12-17 | arXiv | https://github.com/bxz9200/UltraClean | https://doi.org/10.48550/arXiv.2312.10657 |
| 97 | Effective Backdoor Mitigation Depends on the Pre-training Objective | Sahil Verma, Gantavya Bhatt, Avi Schwarzschild, Soumye Singhal, Arnav Mohanty Das, Chirag Shah, John P Dickerson, Jeff Bilmes | 2023-11-25 | arXiv | https://neurips2023-bugs.github.io/ | http://arxiv.org/abs/2311.14948v3 |
| 98 | Towards Stable Backdoor Purification through Feature Shift Tuning | Rui Min, Zeyu Qin, Li Shen, Minhao Cheng | 2023-10-03 | arXiv | https://github.com/AISafety-HKUST/stable_backdoor_purification | http://arxiv.org/abs/2310.01875v3 |
| 99 | Backdooring Textual Inversion for Concept Censorship | Yutong Wu, Jie Zhang, Florian Kerschbaum, Tianwei Zhang | 2023-08-21 | arXiv | https://concept-censorship.github.io | http://arxiv.org/abs/2308.10718v2 |
| 100 | XGBD: Explanation-Guided Graph Backdoor Detection | Zihan Guan, Mengnan Du, Ninghao Liu | 2023-08-08 | arXiv | https://github.com/GuanZihan/GNN_backdoor_detection | http://arxiv.org/abs/2308.04406v1 |
| 101 | TIJO: Trigger Inversion with Joint Optimization for Defending Multimodal Backdoored Models | Indranil Sur, Karan Sikka, Matthew Walmer, Kaushik Koneripalli, Anirban Roy, Xiao Lin, Ajay Divakaran, Susmit Jha | 2023-08-07 | 2023 IEEE/CVF International Conference on Computer Vision (ICCV) | https://github.com/SRI-CSL/TIJO | https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=10378402 |
| 102 | Backdooring Instruction-Tuned Large Language Models with Virtual Prompt Injection | Jun Yan, Vikas Yadav, Shiyang Li, Lichang Chen, Zheng Tang, Hai Wang, Vijay Srinivasan, Xiang Ren, Hongxia Jin | 2023-07-31 | arXiv | https://poison-llm.github.io | http://arxiv.org/abs/2307.16888v3 |
| 103 | You Can Backdoor Personalized Federated Learning | Tiandi Ye, Cen Chen, Yinggui Wang, Xiang Li, Ming Gao | 2023-07-29 | ACM Trans. Knowl. Discov. Data 2024 | https://github.com/BapFL/code | http://arxiv.org/abs/2307.15971v2 |
| 104 | Beating Backdoor Attack at Its Own Game | Min Liu, Alberto L. Sangiovanni-Vincentelli, Xiangyu Yue | 2023-07-28 | 2023 IEEE/CVF International Conference on Computer Vision (ICCV) | https://github.com/damianliumin/non-adversarial_backdoor | https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=10378513 |
| 105 | Adversarial Feature Map Pruning for Backdoor | Dong Huang, Qingwen Bu | 2023-07-21 | arXiv | https://github.com/retsuh-bqw/FMP | http://arxiv.org/abs/2307.11565v2 |
| 106 | Towards Stealthy Backdoor Attacks against Speech Recognition via Elements of Sound | Hanbo Cai, Pengcheng Zhang, Hai Dong, Yan Xiao, Stefanos Koffas, Yiming Li | 2023-07-17 | arXiv | https://github.com/HanboCai/BadSpeech_SoE | https://doi.org/10.48550/arXiv.2307.08208 |
| 107 | Differential Analysis of Triggers and Benign Features for Black-Box DNN Backdoor Detection | Hao Fu, Prashanth Krishnamurthy, Siddharth Garg, Farshad Khorrami | 2023-07-11 | IEEE Transactions on Information Forensics and Security | https://github.com/fu1001hao/Five-Metrics-Detector | https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=10187163 |
| 108 | Bkd-FedGNN: A Benchmark for Classification Backdoor Attacks on Federated Graph Neural Network | Fan Liu, Siqi Lai, Yansong Ning, Hao Liu | 2023-06-17 | arXiv | https://github.com/usail-hkust/BkdFedGCN | https://doi.org/10.48550/arXiv.2306.10351 |
| 109 | DHBE: Data-free Holistic Backdoor Erasing in Deep Neural Networks via Restricted Adversarial Distillation | Zhicong Yan, Shenghong Li, Ruijie Zhao, Yuan Tian, Yuanyuan Zhao | 2023-06-13 | arXiv | https://github.com/yanzhicong/DHBE | http://arxiv.org/abs/2306.08009v1 |
| 110 | NOTABLE: Transferable Backdoor Attacks Against Prompt-based NLP Models | Kai Mei, Zheng Li, Zhenting Wang, Yang Zhang, Shiqing Ma | 2023-05-28 | ACL | https://github.com/RU-System-Software-and-Security/Notable | https://doi.org/10.18653/v1/2023.acl-long.867 |
| 111 | Reconstructive Neuron Pruning for Backdoor Defense | Yige Li, Xixiang Lyu, Xingjun Ma, Nodens Koren, Lingjuan Lyu, Bo Li, Yu-Gang Jiang | 2023-05-24 | arXiv | https://github.com/bboylyg/RNP | http://arxiv.org/abs/2305.14876v2 |
| 112 | Text-to-Image Diffusion Models can be Easily Backdoored through Multimodal Data Poisoning | Shengfang Zhai, Yinpeng Dong, Qingni Shen, Shi Pu, Yuejian Fang, Hang Su | 2023-05-07 | arXiv | https://github.com/sf-zhai/BadT2I | http://arxiv.org/abs/2305.04175v2 |
| 113 | Enhancing Fine-Tuning based Backdoor Defense with Sharpness-Aware Minimization | Mingli Zhu, Shaokui Wei, Li Shen, Yanbo Fan, Baoyuan Wu | 2023-04-24 | 2023 IEEE/CVF International Conference on Computer Vision (ICCV) | https://github.com/SCLBD/BackdoorBench | https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=10377148 |
| 114 | UNICORN: A Unified Backdoor Trigger Inversion Framework | Zhenting Wang, Kai Mei, Juan Zhai, Shiqing Ma | 2023-04-05 | ICLR 2023 notable top 25% | https://github.com/RU-System-Software-and-Security/UNICORN | http://arxiv.org/abs/2304.02786v1 |
| 115 | Defending Against Patch-based Backdoor Attacks on Self-Supervised Learning | Ajinkya Tejankar, Maziar Sanjabi, Qifan Wang, Sinong Wang, Hamed Firooz, Hamed Pirsiavash, Liang Tan | 2023-04-04 | 2023 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR) | https://github.com/UCDvision/PatchSearch | https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=10204245 |
| 116 | Mask and Restore: Blind Backdoor Defense at Test Time with Masked Autoencoder | Tao Sun, Lu Pang, Chao Chen, Haibin Ling | 2023-03-27 | arXiv | https://github.com/tsun/BDMAE | http://arxiv.org/abs/2303.15564v2 |
| 117 | Detecting Backdoors During the Inference Stage Based on Corruption Robustness Consistency | Xiaogeng Liu, Minghui Li, Haoyu Wang, Shengshan Hu, Dengpan Ye, Hai Jin, Libing Wu, Chaowei Xiao | 2023-03-27 | 2023 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR) | https://github.com/CGCL-codes/TeCo | https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=10204870 |
| 118 | Backdoor Defense via Adaptively Splitting Poisoned Dataset | Kuofeng Gao, Yang Bai, Jindong Gu, Yong Yang, Shu-Tao Xia | 2023-03-23 | 2023 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR) | https://github.com/KuofengGao/ASD | https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=10204454 |
| 119 | Detecting Backdoors in Pre-trained Encoders | Shiwei Feng, Guanhong Tao, Siyuan Cheng, Guangyu Shen, Xiangzhe Xu, Yingqi Liu, Kaiyuan Zhang, Shiqing Ma, Xiangyu Zhang | 2023-03-23 | 2023 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR) | https://github.com/GiantSeaweed/DECREE | https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=10205024 |
| 120 | Black-box Backdoor Defense via Zero-shot Image Purification | Yucheng Shi, Mengnan Du, Xuansheng Wu, Zihan Guan, Jin Sun, Ninghao Liu | 2023-03-21 | arXiv | https://github.com/sycny/ZIP | http://arxiv.org/abs/2303.12175v2 |
| 121 | AdaptGuard: Defending Against Universal Attacks for Model Adaptation | Lijun Sheng, Jian Liang, Ran He, Zilei Wang, Tieniu Tan | 2023-03-19 | arXiv | https://github.com/TomSheng21/AdaptGuard | http://arxiv.org/abs/2303.10594v2 |
| 122 | Backdoor Defense via Deconfounded Representation Learning | Zaixi Zhang, Qi Liu, Zhicai Wang, Zepu Lu, Qingyong Hu | 2023-03-13 | 2023 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR) | https://github.com/zaixizhang/CBD | https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=10204451 |
| 123 | CleanCLIP: Mitigating Data Poisoning Attacks in Multimodal Contrastive Learning | Hritik Bansal, Nishad Singhi, Yu Yang, Fan Yin, Aditya Grover, Kai-Wei Chang | 2023-03-06 | 2023 IEEE/CVF International Conference on Computer Vision (ICCV) | https://github.com/nishadsinghi/CleanCLIP | https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=10377853 |
| 124 | Single Image Backdoor Inversion via Robust Smoothed Classifiers | Mingjie Sun, J. Zico Kolter | 2023-03-01 | 2023 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR) | https://github.com/locuslab/smoothinv | https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=10203900 |
| 125 | ASSET: Robust Backdoor Data Detection Across a Multiplicity of Deep Learning Paradigms | Minzhou Pan, Yi Zeng, Lingjuan Lyu, Xue Lin, Ruoxi Jia | 2023-02-22 | OpenReview | https://github.com/ruoxi-jia-group/ASSET | http://arxiv.org/abs/2302.11408v2 |
| 126 | RobustNLP: A Technique to Defend NLP Models Against Backdoor Attacks | Marwan Omar | 2023-02-18 | arXiv | https://github.com/marwanomar1/Backdoor-Learning-for-NLP | https://doi.org/10.48550/arXiv.2302.09420 |
| 127 | Training-free Lexical Backdoor Attacks on Language Models | Yujin Huang, Terry Yue Zhuo, Qiongkai Xu, Han Hu, Xingliang Yuan, Chunyang Chen | 2023-02-08 | WWW | https://github.com/Jinxhy/TFLexAttack | https://doi.org/10.1145/3543507.3583348 |
| 128 | SCALE-UP: An Efficient Black-box Input-level Backdoor Detection via Analyzing Scaled Prediction Consistency | Junfeng Guo, Yiming Li, Xun Chen, Hanqing Guo, Lichao Sun, Cong Liu | 2023-02-07 | ICLR 2023 poster | https://github.com/JunfengGo/SCALE-UP | http://arxiv.org/abs/2302.03251v2 |
| 129 | Revisiting Personalized Federated Learning: Robustness Against Backdoor Attacks | Zeyu Qin, Liuyi Yao, Daoyuan Chen, Yaliang Li, Bolin Ding, Minhao Cheng | 2023-02-03 | KDD | https://github.com/alibaba/FederatedScope/tree/backdoor-bench | https://doi.org/10.1145/3580305.3599898 |
| 130 | BackdoorBox: A Python Toolbox for Backdoor Learning | Yiming Li, Mengxi Ya, Yang Bai, Yong Jiang, Shu-Tao Xia | 2023-02-01 | ICLR 2023 BANDS Spotlight | https://github.com/THUYimingLi/BackdoorBox | http://arxiv.org/abs/2302.01762v1 |
| 131 | Distilling Cognitive Backdoor Patterns within an Image | Hanxun Huang, Xingjun Ma, Sarah Monazam Erfani, James Bailey | 2023-01-26 | ICLR 2023 poster | https://github.com/HanxunH/CognitiveDistillation | http://arxiv.org/abs/2301.10908v4 |
| 132 | Enhancing Backdoor Attacks With Multi-Level MMD Regularization | Pengfei Xia, Hongjing Niu, Ziqiang Li, Bin Li | 2023 | IEEE Transactions on Dependable and Secure Computing | https://github.com/xpf/Multi-Level-MMD-Regularization | https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=9743735 |
| 133 | TransCAB: Transferable Clean-Annotation Backdoor to Object Detection with Natural Trigger in Real-World | Hua Ma, Yinshan Li, Yansong Gao, Zhi Zhang, Alsharif Abuadbba, Anmin Fu, Said F. Al-Sarawi, Nepal Surya, Derek Abbott | 2023 | 2023 42nd International Symposium on Reliable Distributed Systems (SRDS) | https://github.com/inconstance/T-shirt-natural-backdoor-dataset | https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=10419265 |
| 134 | Towards Robust Model Watermark via Reducing Parametric Vulnerability | Guanhao Gan, Yiming Li, Dongxian Wu, Shu-Tao Xia | 2023 | 2023 IEEE/CVF International Conference on Computer Vision (ICCV) | https://github.com/GuanhaoGan/robust-model-watermarking | https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=10376653 |
| 135 | The Victim and The Beneficiary: Exploiting a Poisoned Model to Train a Clean Model on Poisoned Data | Z. Zhu, R. Wang, C. Zou, L. Jing | 2023 | 2023 IEEE/CVF International Conference on Computer Vision (ICCV) | https://github.com/Zixuan-Zhu/VaB | https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=10376898 |
| 136 | SSDA: Secure Source-Free Domain Adaptation | Sabbir Ahmed, Abdullah Al Arafat, Mamshad Nayeem Rizve, Rahim Hossain, Zhishan Guo, Adnan Siraj Rakin | 2023 | 2023 IEEE/CVF International Conference on Computer Vision (ICCV) | https://github.com/ML-Security-Research-LAB/SSDA | https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=10377715 |
| 137 | Rickrolling the Artist: Injecting Backdoors into Text Encoders for Text-to-Image Synthesis | Lukas Struppek, Dominik Hintersdorf, Kristian Kersting | 2023 | 2023 IEEE/CVF International Conference on Computer Vision (ICCV) | https://github.com/LukasStruppek/Rickrolling-the-Artist | https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=10377762 |
| 138 | Red Alarm for Pre-trained Models: Universal Vulnerabilities by Neuron-Level Backdoor Attacks | Zhengyan Zhang, Guangxuan Xiao, Yongwei Li, Tian Lv, Fanchao Qi, Zhiyuan Liu, Yasheng Wang, Xin Jiang, Maosong Sun | 2023 | arXiv | https://github.com/thunlp/NeuBA | https://arxiv.org/abs/2101.06969 |
| 139 | Incompatibility Clustering as a Defense Against Backdoor Poisoning Attacks | Charles Jin, Melinda Sun, Martin C. Rinard | 2023 | ICLR | https://github.com/charlesjin/compatibility_clustering/ | https://openreview.net/forum?id=mkJm5Uy4HrQ |
| 140 | How to Backdoor Diffusion Models? | Sheng-Yen Chou, Pin-Yu Chen, Tsung-Yi Ho | 2023 | 2023 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR) | https://github.com/IBM/BadDiffusion | https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=10205106 |
| 141 | Going in Style: Audio Backdoors Through Stylistic Transformations | Stefanos Koffas, Luca Pajola, Stjepan Picek, Mauro Conti | 2023 | ICASSP 2023 - 2023 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP) | https://github.com/skoffas/going-in-style | https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=10096332 |
| 142 | Computation and Data Efficient Backdoor Attacks | Yutong Wu, Xingshuo Han, Han Qiu, Tianwei Zhang | 2023 | 2023 IEEE/CVF International Conference on Computer Vision (ICCV) | https://github.com/WU-YU-TONG/computational_efficient_backdoor | https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=10377005 |
| 143 | Categorical Inference Poisoning: Verifiable Defense Against Black-Box DNN Model Stealing Without Constraining Surrogate Data and Query Times | H. Zhang, G. Hua, X. Wang, H. Jiang, W. Yang | 2023 | IEEE Transactions on Information Forensics and Security | https://github.com/Hatins/CIP_master | https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=10042038 |
| 144 | Black-Box Dataset Ownership Verification via Backdoor Watermarking | Yiming Li, Mingyan Zhu, Xue Yang, Yong Jiang, Tao Wei, Shu-Tao Xia | 2023 | IEEE Transactions on Information Forensics and Security | https://github.com/THUYimingLi/DVBW | https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=10097580 |
| 145 | Backdoor Cleansing with Unlabeled Data | Lu Pang, Tao Sun, Haibin Ling, Chao Chen | 2023 | 2023 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR) | https://github.com/luluppang/BCU | https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=10203138 |
| 146 | Backdoor Attacks for Remote Sensing Data With Wavelet Transform | Nikolaus Dräger, Yonghao Xu, Pedram Ghamisi | 2023 | IEEE Transactions on Geoscience and Remote Sensing | https://github.com/ndraeger/waba | https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=10163060 |
| 147 | Backdoor Attack on Hash-based Image Retrieval via Clean-label Data Poisoning | Kuofeng Gao, Jiawang Bai, Bin Chen, Dongxian Wu, Shu-Tao Xia | 2023 | BMVC | https://github.com/KuofengGao/CIBA | http://proceedings.bmvc2023.org/172/ |
| 148 | An Empirical Study of Backdoor Attacks on Masked Auto Encoders | Shuli Zhuang, Pengfei Xia, Bin Li | 2023 | ICASSP 2023 - 2023 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP) | https://github.com/zhuangshuli/MAE-Backdoor | https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=10095201 |
| 149 | An Embarrassingly Simple Backdoor Attack on Self-supervised Learning | Changjiang Li, Ren Pang, Zhaohan Xi, Tianyu Du, Shouling Ji, Yuan Yao, Ting Wang | 2023 | 2023 IEEE/CVF International Conference on Computer Vision (ICCV) | https://github.com/meet-cjli/CTRL | https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=10377889 |
| 150 | A Practical Clean-Label Backdoor Attack with Limited Information in Vertical Federated Learning | Peng Chen, Jirui Yang, Junxiong Lin, Zhihui Lu, Qiang Duan, Hongfeng Chai | 2023 | 2023 IEEE International Conference on Data Mining (ICDM) | https://github.com/13thDayOLunarMay/TECB-attack | https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=10415717 |
| 151 | Flareon: Stealthy any2any Backdoor Injection via Poisoned Augmentation | Tianrui Qin, Xianghuan He, Xitong Gao, Yiren Zhao, Kejiang Ye, Cheng-Zhong Xu | 2022-12-20 | Submitted to ICLR 2023 | https://github.com/lafeat/flareon | http://arxiv.org/abs/2212.09979v1 |
| 152 | BadPrompt: Backdoor Attacks on Continuous Prompts | Xiangrui Cai, Haidong Xu, Sihan Xu, Ying Zhang, Xiaojie Yuan | 2022-11-27 | NeurIPS | https://github.com/papersPapers/BadPrompt | http://papers.nips.cc/paper_files/paper/2022/hash/f0722b58f02d7793acf7d328928f933a-Abstract-Conference.html |
| 153 | Identifying a Training-Set Attack's Target Using Renormalized Influence Estimation | Zayd Hammoudeh, Daniel Lowd | 2022-11 | CCS '22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security | https://github.com/ZaydH/target_identification | https://dl.acm.org/doi/10.1145/3548606.3559335 |
| 154 | FLIP: A Provable Defense Framework for Backdoor Mitigation in Federated Learning | Kaiyuan Zhang, Guanhong Tao, Qiuling Xu, Siyuan Cheng, Shengwei An, Yingqi Liu, Shiwei Feng, Guangyu Shen, Pin-Yu Chen, Shiqing Ma, Xiangyu Zhang | 2022-10-23 | ICLR 2023 poster | https://github.com/KaiyuanZh/FLIP | http://arxiv.org/abs/2210.12873v2 |
| 155 | Thinking Two Moves Ahead: Anticipating Other Users Improves Backdoor Attacks in Federated Learning | Yuxin Wen, Jonas Geiping, Liam H Fowl, Hossein Souri, Rama Chellappa, Micah Goldblum, Tom Goldstein | 2022-10-17 | arXiv | https://github.com/YuxinWenRick/thinking-two-moves-ahead | https://doi.org/10.48550/arXiv.2210.09305 |
| 156 | Expose Backdoors on the Way: A Feature-Based Efficient Defense against Textual Backdoor Attacks | Sishuo Chen, Wenkai Yang, Zhiyuan Zhang, Xiaohan Bi, Xu Sun | 2022-10-14 | EMNLP | https://github.com/lancopku/DAN | https://doi.org/10.18653/v1/2022.findings-emnlp.47 |
| 157 | Trap and Replace: Defending Backdoor Attacks by Trapping Them into an Easy-to-Replace Subnetwork | Haotao Wang, Junyuan Hong, Aston Zhang, Jiayu Zhou, Zhangyang Wang | 2022-10-12 | NeurIPS | https://github.com/VITA-Group/Trap-and-Replace-Backdoor-Defense | http://papers.nips.cc/paper_files/paper/2022/hash/ea06e6e9e80f1c3d382317fff67041ac-Abstract-Conference.html |
| 158 | Opportunistic Backdoor Attacks: Exploring Human-imperceptible Vulnerabilities on Speech Recognition Systems | Qiang Liu, Tongqing Zhou, Zhiping Cai, Yonghao Tang | 2022-10 | MM '22: Proceedings of the 30th ACM International Conference on Multimedia | https://github.com/lqsunshine/DABA | https://dl.acm.org/doi/10.1145/3503161.3548261 |
| 159 | Untargeted Backdoor Watermark: Towards Harmless and Stealthy Dataset Copyright Protection | Yiming Li, Yang Bai, Yong Jiang, Yong Yang, Shu-Tao Xia, Bo Li | 2022-09-27 | NeurIPS 2022 Accept | https://github.com/THUYimingLi/Untargeted_Backdoor_Watermark | http://arxiv.org/abs/2210.00875v3 |
| 160 | The "Beatrix'' Resurrections: Robust Backdoor Detection via Gram Matrices | Wanlun Ma, Derui Wang, Ruoxi Sun, Minhui Xue, Sheng Wen, Yang Xiang | 2022-09-23 | arXiv | https://github.com/wanlunsec/Beatrix | http://arxiv.org/abs/2209.11715v3 |
| 161 | RIBAC: Towards Robust and Imperceptible Backdoor Attack against Compact DNN | Huy Phan, Cong Shi, Yi Xie, Tianfang Zhang, Zhuohang Li, Tianming Zhao, Jian Liu, Yan Wang, Yingying Chen, Bo Yuan | 2022-08-22 | ECCV | https://github.com/huyvnphan/ECCV2022-RIBAC | https://doi.org/10.1007/978-3-031-19772-7_41 |
| 162 | Friendly Noise against Adversarial Noise: A Powerful Defense against Data Poisoning Attacks | Tian Yu Liu, Yu Yang, Baharan Mirzasoleiman | 2022-08-14 | NeurIPS 2022 Accept | https://github.com/tianyu139/friendly-noise | http://arxiv.org/abs/2208.10224v4 |
| 163 | Data-free Backdoor Removal based on Channel Lipschitzness | Runkai Zheng, Rongjun Tang, Jianze Li, Li Liu | 2022-08-05 | arXiv | https://github.com/rkteddy/channel-Lipschitzness-based-pruning | http://arxiv.org/abs/2208.03111v2 |
| 164 | Deep Fidelity in DNN Watermarking: A Study of Backdoor Watermarking for Classification Models | Guang Hua, Andrew Beng Jin Teoh | 2022-08-01 | Pattern Recognition, Vol. 144, Dec. 2023 | https://github.com/ghua-ac/dnn_watermark | http://arxiv.org/abs/2208.00563v2 |
| 165 | A Unified Evaluation of Textual Backdoor Learning: Frameworks and Benchmarks | Ganqu Cui, Lifan Yuan, Bingxiang He, Yangyi Chen, Zhiyuan Liu, Maosong Sun | 2022-06-17 | NeurIPS 2022 Datasets and Benchmarks | https://github.com/thunlp/OpenBackdoor | http://arxiv.org/abs/2206.08514v2 |
| 166 | Backdoor Attacks on Vision Transformers | Akshayvarun Subramanya, Aniruddha Saha, Soroush Abbasi Koohpayegani, Ajinkya Tejankar, Hamed Pirsiavash | 2022-06-16 | arXiv | https://github.com/UCDvision/backdoor_transformer | https://doi.org/10.48550/arXiv.2206.08477 |
| 167 | Quarantine: Sparsity Can Uncover the Trojan Attack Trigger for Free | Tianlong Chen, Zhenyu Zhang, Yihua Zhang, Shiyu Chang, Sijia Liu, Zhangyang Wang | 2022-05-24 | 2022 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR) | https://github.com/VITA-Group/Backdoor-LTH | https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=9879256 |
| 168 | Model-Contrastive Learning for Backdoor Defense | Zhihao Yue, Jun Xia, Zhiwei Ling, Ming Hu, Ting Wang, Xian Wei, Mingsong Chen | 2022-05-09 | arXiv | https://github.com/WeCanShow/MCL | http://arxiv.org/abs/2205.04411v2 |
| 169 | Imperceptible Backdoor Attack: From Input Space to Feature Representation | Nan Zhong, Zhenxing Qian, Xinpeng Zhang | 2022-05-06 | IJCAI | https://github.com/Ekko-zn/IJCAI2022-Backdoor | https://doi.org/10.24963/ijcai.2022/242 |
| 170 | Data-Efficient Backdoor Attacks | Pengfei Xia, Ziqiang Li, Wei Zhang, Bin Li | 2022-04-22 | IJCAI | https://github.com/xpf/Data-Efficient-Backdoor-Attacks | https://doi.org/10.24963/ijcai.2022/554 |
| 171 | Under-confidence Backdoors Are Resilient and Stealthy Backdoors | Minlong Peng, Zidi Xiong, Quang H. Nguyen, Mingming Sun, Khoa D. Doan, Ping Li | 2022-02-19 | arXiv | https://github.com/v-mipeng/LabelSmoothedAttack | http://arxiv.org/abs/2202.11203v2 |
| 172 | Training with More Confidence: Mitigating Injected and Natural Backdoors During Training | Zhenting Wang, Hailun Ding, Juan Zhai, Shiqing Ma | 2022-02-13 | NeurIPS 2022 Accept | https://github.com/RU-System-Software-and-Security/NONE | http://arxiv.org/abs/2202.06382v3 |
| 173 | Backdoor Defense via Decoupling the Training Process | Kunzhe Huang, Yiming Li, Baoyuan Wu, Zhan Qin, Kui Ren | 2022-02-05 | ICLR 2022 Poster | https://github.com/SCLBD/DBD | http://arxiv.org/abs/2202.03423v1 |
| 174 | Post-Training Detection of Backdoor Attacks for Two-Class and Multi-Attack Scenarios | Zhen Xiang, David J. Miller, George Kesidis | 2022-01-20 | ICLR | https://github.com/zhenxianglance/2ClassBADetection | https://openreview.net/forum?id=MSgB8D4Hy51 |
| 175 | Randomized Channel Shuffling: Minimal-Overhead Backdoor Attack Detection without Clean Datasets | Ruisi Cai, Zhenyu Zhang, Tianlong Chen, Xiaohan Chen, Zhangyang Wang | 2022 | NeurIPS | https://github.com/VITA-Group/Random-Shuffling-BackdoorDetect | http://papers.nips.cc/paper_files/paper/2022/hash/db1d5c63576587fc1d40d33a75190c71-Abstract-Conference.html |
| 176 | Stealthy Backdoors as Compression Artifacts | Yulong Tian, Fnu Suya, Fengyuan Xu, David Evans | 2022 | IEEE Transactions on Information Forensics and Security | https://github.com/yulongtzzz/Stealthy-Backdoors-as-Compression-Artifacts | https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=9737144 |
| 177 | Textual Backdoor Attacks Can Be More Harmful via Two Simple Tricks | Yangyi Chen, Fanchao Qi, Hongcheng Gao, Zhiyuan Liu, Maosong Sun | 2022 | EMNLP | https://github.com/thunlp/StyleAttack | https://doi.org/10.18653/v1/2022.emnlp-main.770 |
| 178 | FIBA: Frequency-Injection based Backdoor Attack in Medical Image Analysis | Yu Feng, Benteng Ma, Jing Zhang, Shanshan Zhao, Yong Xia, Dacheng Tao | 2022 | 2022 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR) | https://github.com/HazardFY/FIBA | https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=9880076 |
| 179 | BadEncoder: Backdoor Attacks to Pre-trained Encoders in Self-Supervised Learning | Jinyuan Jia, Yupei Liu, Neil Zhenqiang Gong | 2022 | 2022 IEEE Symposium on Security and Privacy (SP) | https://github.com/jjy1994/BadEncoder | https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=9833644 |
| 180 | Backdoor Attacks on Self-Supervised Learning | Aniruddha Saha, Ajinkya Tejankar, Soroush Abbasi Koohpayegani, Hamed Pirsiavash | 2022 | 2022 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR) | https://github.com/UMBCvisionISSL-Backdoor | https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=9879958 |
| 181 | Anomaly Localization in Model Gradients Under Backdoor Attacks Against Federated Learning | Zeki Bilgin | 2021-11-29 | arXiv | https://github.com/ArcelikAcikKaynak/Federated_Learning | https://arxiv.org/abs/2111.14683 |
| 182 | A Kernel Test for Causal Association via Noise Contrastive Backdoor Adjustment | Robert Hu, Dino Sejdinovic, Robin J. Evans | 2021-11-25 | arXiv | https://github.com/MrHuff/kgformula | http://arxiv.org/abs/2111.13226v4 |
| 183 | Adversarial Neuron Pruning Purifies Backdoored Deep Models | Dongxian Wu, Yisen Wang | 2021-10-27 | NeurIPS 2021 Poster | https://github.com/csdongxian/ANP_backdoor | http://arxiv.org/abs/2110.14430v1 |
| 184 | Anti-Backdoor Learning: Training Clean Models on Poisoned Data | Yige Li, Xixiang Lyu, Nodens Koren, Lingjuan Lyu, Bo Li, Xingjun Ma | 2021-10-22 | NeurIPS 2021 Poster | https://github.com/bboylyg/ABL | http://arxiv.org/abs/2110.11571v3 |
| 185 | RAP: Robustness-Aware Perturbations for Defending against Backdoor Attacks on NLP Models | Wenkai Yang, Yankai Lin, Peng Li, Jie Zhou, Xu Sun | 2021-10-15 | EMNLP | https://github.com/lancopku/RAP | https://doi.org/10.18653/v1/2021.emnlp-main.659 |
| 186 | Mind the Style of Text! Adversarial and Backdoor Attacks Based on Text Style Transfer | Fanchao Qi, Yangyi Chen, Xurui Zhang, Mukai Li, Zhiyuan Liu, Maosong Sun | 2021-10-14 | EMNLP | https://github.com/thunlp/StyleAttack | https://doi.org/10.18653/v1/2021.emnlp-main.374 |
| 187 | Excess Capacity and Backdoor Poisoning | Naren Sarayu Manoj, Avrim Blum | 2021-09-02 | NeurIPS 2021 Spotlight | https://github.com/narenmanoj/mnist-adv-training | http://arxiv.org/abs/2109.00685v3 |
| 188 | Sleeper Agent: Scalable Hidden Trigger Backdoors for Neural Networks Trained from Scratch | Hossein Souri, Liam H Fowl, Rama Chellappa, Micah Goldblum, Tom Goldstein | 2021-06-16 | OpenReview | https://github.com/hsouri/Sleeper-Agent | http://arxiv.org/abs/2106.08970v3 |
| 189 | CRFL: Certifiably Robust Federated Learning against Backdoor Attacks | Chulin Xie, Minghao Chen, Pin-Yu Chen, Bo Li | 2021-06-15 | ICML | https://github.com/AI-secure/CRFL | http://proceedings.mlr.press/v139/xie21a.html |
| 190 | Turn the Combination Lock: Learnable Textual Backdoor Attacks via Word Substitution | Fanchao Qi, Yuan Yao, Sophia Xu, Zhiyuan Liu, Maosong Sun | 2021-06-11 | ACL/IJCNLP | https://github.com/thunlp/BkdAtk-LWS | https://doi.org/10.18653/v1/2021.acl-long.377 |
| 191 | Hidden Killer: Invisible Textual Backdoor Attacks with Syntactic Trigger | Fanchao Qi, Mukai Li, Yangyi Chen, Zhengyan Zhang, Zhiyuan Liu, Yasheng Wang, Maosong Sun | 2021-05-26 | ACL/IJCNLP | https://github.com/thunlp/HiddenKiller | https://doi.org/10.18653/v1/2021.acl-long.37 |
| 192 | SPECTRE: Defending Against Backdoor Attacks Using Robust Statistics | Jonathan Hayase, Weihao Kong, Raghav Somani, Sewoong Oh | 2021-04-22 | arXiv | https://github.com/SewoongLab/spectre-defense | https://arxiv.org/abs/2104.11315 |
| 193 | A Backdoor Attack against 3D Point Cloud Classifiers | Zhen Xiang, David J. Miller, Siheng Chen, Xi Li, George Kesidis | 2021-04-12 | 2021 IEEE/CVF International Conference on Computer Vision (ICCV) | https://github.com/zhenxianglance/PCBA | https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=9711497 |
| 194 | Neural Attention Distillation: Erasing Backdoor Triggers from Deep Neural Networks | Yige Li, Xixiang Lyu, Nodens Koren, Lingjuan Lyu, Bo Li, Xingjun Ma | 2021-01-15 | ICLR 2021 Poster | https://github.com/bboylyg/NAD | http://arxiv.org/abs/2101.05930v2 |
| 195 | Backdoor Attack Against Speaker Verification | Tongqing Zhai, Yiming Li, Ziqi Zhang, Baoyuan Wu, Yong Jiang, Shu-Tao Xia | 2021 | ICASSP 2021 - 2021 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP) | https://github.com/zhaitongqing233/Backdoor-attack-against-speaker-verification | https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=9413468 |
| 196 | Fooling LiDAR Perception via Adversarial Trajectory Perturbation | Y. Li, C. Wen, F. Juefei-Xu, C. Feng | 2021 | 2021 IEEE/CVF International Conference on Computer Vision (ICCV) | https://ai4ce.github.io/FLAT/ | https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=9710897 |
| 197 | Invisible Backdoor Attack with Sample-Specific Triggers | Yuezun Li, Yiming Li, Baoyuan Wu, Longkang Li, Ran He, Siwei Lyu | 2021 | 2021 IEEE/CVF International Conference on Computer Vision (ICCV) | https://github.com/yuezunli/ISSBA | https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=9711191 |
| 198 | ONION: A Simple and Effective Defense Against Textual Backdoor Attacks | Fanchao Qi, Yangyi Chen, Mukai Li, Yuan Yao, Zhiyuan Liu, Maosong Sun | 2021 | EMNLP | https://github.com/thunlp/ONION | https://doi.org/10.18653/v1/2021.emnlp-main.752 |
| 199 | Use Procedural Noise to Achieve Backdoor Attack | Xuan Chen, Yuena Ma, Shiwei Lu | 2021 | IEEE Access | https://github.com/928082786/pnoiseattack | https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=9529206 |
| 200 | WAFFLE: Watermarking in Federated Learning | B. G. A. Tekgul, Y. Xia, S. Marchal, N. Asokan | 2021 | 2021 40th International Symposium on Reliable Distributed Systems (SRDS) | https://github.com/ssg-research/WAFFLE | https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=9603498 |
| 201 | Input-Aware Dynamic Backdoor Attack | Tuan Anh Nguyen, Anh Tuan Tran | 2020-10-16 | arXiv | https://github.com/VinAIResearch/input-aware-backdoor-attack-release | https://arxiv.org/abs/2010.08138 |
| 202 | Graph Backdoor | Zhaohan Xi, Ren Pang, Shouling Ji, Ting Wang | 2020-06-21 | arXiv | https://github.com/HarrialX/GraphBackdoor | http://arxiv.org/abs/2006.11890v5 |
| 203 | Weight Poisoning Attacks on Pre-trained Models | Keita Kurita, Paul Michel, Graham Neubig | 2020-04-14 | arXiv | https://github.com/neulab/RIPPLe | http://arxiv.org/abs/2004.06660v1 |
| 204 | Universal Litmus Patterns: Revealing Backdoor Attacks in CNNs | Soheil Kolouri, Aniruddha Saha, Hamed Pirsiavash, Heiko Hoffmann | 2020 | 2020 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR) | https://umbcvision.github.io/Universal-Litmus-Patterns/ | https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=9157782 |
| 205 | Interventional Few-Shot Learning | Hanwang Zhang | nan | OpenReview | https://github.com/yue-zhongqi/ifsl | https://openreview.net/pdf/a3e8e20306d3900c32c022334a220001fd1f7868.pdf |
| 206 | Effective Backdoor Defense by Exploiting Sensitivity of Poisoned Samples | Weixin Chen, Baoyuan Wu, Haoqian Wang | nan | NeurIPS 2022 Accept | https://github.com/SCLBD/Effective_backdoor_defense | https://openreview.net/pdf/82397e777241ae042276e8493ca8e5d228821582.pdf |
| 207 | MetaPoison: Learning to craft adversarial poisoning examples via meta-learning | W. Ronny Huang, Jonas Geiping, Liam Fowl, Gavin Taylor, Tom Goldstein | nan | OpenReview | https://github.com/2350532677/metapoison | https://openreview.net/pdf/5f78928102aaa8be2c8a7134096ffecf8733f894.pdf |
| 208 | Moderate-fitting as a Natural Backdoor Defender for Pre-trained Language Models | Biru Zhu, Yujia Qin, Ganqu Cui, Yangyi Chen, Weilin Zhao, Chong Fu, Yangdong Deng, Zhiyuan Liu, Jingang Wang, Wei Wu, Maosong Sun, Ming Gu | nan | NeurIPS 2022 Accept | https://github.com/thunlp/Moderate-fitting | https://openreview.net/pdf/c4fc6df6829404ccd0da096c0b97ea0689c6e819.pdf |
| 209 | Necessary and sufficient graphical conditions for optimal adjustment sets in causal graphical models with hidden variables | Jakob Runge | nan | NeurIPS 2021 Spotlight | https://github.com/jakobrunge/tigramite | https://openreview.net/pdf/8b665604f2587b6697f650765da1d2c1731df0fc.pdf |
| 210 | Qu-ANTI-zation: Exploiting Quantization Artifacts for Achieving Adversarial Outcomes | Sanghyun Hong, Michael-Andrei Panaitescu-Liess, Yigitcan Kaya, Tudor Dumitras | nan | NeurIPS 2021 Poster | https://github.com/Secure-AI-Systems-Group/Qu-ANTI-zation | https://openreview.net/pdf/d99b499610c11e58db2b8e2b8b421fbd7ec493a8.pdf |
| 211 | Rethinking the Reverse-engineering of Trojan Triggers | Zhenting Wang, Kai Mei, Hailun Ding, Juan Zhai, Shiqing Ma | nan | NeurIPS 2022 Accept | https://github.com/RU-System-Software-and-Security/FeatureRE | https://openreview.net/pdf/e8ad6cc8620c4cec22babbe51c8f36d680dcd00c.pdf |
| 212 | Revisiting the Assumption of Latent Separability for Backdoor Defenses | Xiangyu Qi, Tinghao Xie, Yiming Li, Saeed Mahloujifar, Prateek Mittal | nan | ICLR 2023 poster | https://github.com/Unispac/Circumventing-Backdoor-Defenses | https://openreview.net/pdf/4c94fe40e30925694ed4ecc84bacd2fc7543b21c.pdf |
| 213 | The Dark Side of AutoML: Towards Architectural Backdoor Search | Ren Pang, Changjiang Li, Zhaohan Xi, Shouling Ji, Ting Wang | nan | ICLR 2023 poster | https://github.com/ain-soph/nas_backdoor | https://openreview.net/pdf/9b89e3f420dd473917d9c33741ea888a54ecb1b3.pdf |
| 214 | TrojText: Test-time Invisible Textual Trojan Insertion | Qian Lou, Yepeng Liu, Bo Feng | nan | ICLR 2023 poster | https://github.com/UCF-ML-Research/TrojText | https://openreview.net/pdf/090c1fa0cc728fa6eb032fe3c74b8b5125be7e94.pdf |