Backdoor Attack against One-Class Sequential Anomaly Detection Models
He Cheng, Shuhan Yuan
TL;DR
This work addresses backdoor vulnerabilities in deep one‑class sequential anomaly detectors, focusing on distance‑based models like $L_{SVDD}$ and extensions such as OC4Seq. It introduces a two‑stage attack: trigger generation to craft imperceptible perturbations on normal data and backdoor injection via two drift objectives—perturbed sequence center drifting and perturbed sequence representation drifting—to cause triggered anomalies to be labeled as normal, with extensions to local subsequences in OC4Seq. Empirical results on the BGL and Thunderbird datasets show infected models maintain strong benign performance while achieving high attack success rates when encountering triggered sequences, demonstrating a substantial security risk in sequential anomaly detection systems. These findings motivate the development of defenses against backdoor attacks in sequential anomaly detection, given the practical impact on critical applications.
Abstract
Deep anomaly detection on sequential data has garnered significant attention due to the wide application scenarios. However, deep learning-based models face a critical security threat - their vulnerability to backdoor attacks. In this paper, we explore compromising deep sequential anomaly detection models by proposing a novel backdoor attack strategy. The attack approach comprises two primary steps, trigger generation and backdoor injection. Trigger generation is to derive imperceptible triggers by crafting perturbed samples from the benign normal data, of which the perturbed samples are still normal. The backdoor injection is to properly inject the backdoor triggers to comprise the model only for the samples with triggers. The experimental results demonstrate the effectiveness of our proposed attack strategy by injecting backdoors on two well-established one-class anomaly detection models.