Contents:
1. Introduction and some preliminaries
2. Classical Scenarios and Corresponding Capacities
3. Backdoor Attacks
4. Backdoor Defence
5. Future Directions
Introduction and some preliminaries
Introduction to Backdoor Learning
The paper briefly describes backdoor attacks: during training, an attacker implants a backdoor into a DNN so that the attacked DNN behaves normally on benign samples, but once the backdoor trigger pattern is activated, the DNN's prediction is maliciously and consistently altered. Currently the most mainstream and direct approach is to implant the backdoor by poisoning the training set (e.g. by adding triggers), as shown in the figure. Besides directly poisoning training samples, hidden backdoors can also be embedded through transfer learning, by directly modifying model parameters, and by adding extra malicious modules.

Some preliminaries of backdoor learning
The original paper gives some related concepts and explanations:
• Benign model refers to the model trained under benign settings.
• Infected model refers to the model with hidden backdoor(s).
• Poisoned sample is the modified training sample used in poisoning-based backdoor attacks for embedding backdoor(s) in the model during the training process.
• Trigger is the pattern used for generating poisoned samples and activating the hidden backdoor(s).
• Attacked sample indicates the malicious testing sample containing backdoor trigger(s).
• Attack scenario refers to the scenario that the backdoor attack might happen. Usually, it happens when the training process is inaccessible or out of control by the user, such as training with third-
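As an added example (not code from the survey or from this post), here is a simple data-sanitisation check a defender can run over a training set before training, tied to the poisoning-based attack described in the introduction and the "poisoned sample" and "trigger" definitions above: a fixed trigger patch repeats the exact same pixel values across many images of one label, which natural images almost never do. The dataset, image size and patch location are constructed for the demonstration.

```python
import random

H = W = 6                                   # constructed toy image size
PATCH = [(0, 0), (0, 1), (1, 0), (1, 1)]    # constructed trigger location (top-left corner)


def make_dataset(n_per_class=40, n_poisoned=10, seed=0):
    """Constructed toy data (not from the page): 6x6 grayscale images with
    values in [0, 1] and three labels. Label 0 additionally receives
    n_poisoned images that carry a fixed white corner patch, imitating
    poisoned training samples relabelled to the attacker's target class."""
    rng = random.Random(seed)
    data = []
    for label in range(3):
        for _ in range(n_per_class):
            data.append(([rng.random() for _ in range(H * W)], label))
    for _ in range(n_poisoned):
        img = [rng.random() for _ in range(H * W)]
        for r, c in PATCH:
            img[r * W + c] = 1.0            # the trigger: a constant patch
        data.append((img, 0))
    return data


def suspicious_pixels(data, tol=1e-6, min_share=0.15):
    """For each label, measure how often each pixel takes (almost) exactly
    the same value across that label's images. A pixel whose value repeats
    in at least min_share of a label's images is flagged as a candidate
    trigger position. Returns {label: [flagged pixel indices]}."""
    by_label = {}
    for img, label in data:
        by_label.setdefault(label, []).append(img)
    flagged = {}
    for label, imgs in by_label.items():
        for p in range(H * W):
            values = sorted(img[p] for img in imgs)
            # longest run of sorted values lying within tol of each other
            best = run = 1
            for i in range(1, len(values)):
                run = run + 1 if values[i] - values[i - 1] <= tol else 1
                best = max(best, run)
            if best / len(imgs) >= min_share:
                flagged.setdefault(label, []).append(p)
    return flagged


if __name__ == "__main__":
    print(suspicious_pixels(make_dataset()))   # expected: {0: [0, 1, 6, 7]}
```

Only the target label and the four patch pixels are reported, so the flagged positions can be inspected or the affected samples held back before the model is trained.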

This post explores backdoor attacks in deep learning in depth, including the common approach of implanting backdoors by poisoning the training set, as well as newer attack techniques in which the attacker changes model weights or structure. It also lists various defence strategies, such as preprocessing-based defences, model reconstruction and certified defences. Future research directions focus on trigger design and on semantic and physical backdoor attacks.