Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Physical Backdoor: Towards Temperature-based Backdoor Attacks in the Physical World

Wen Yin, Jian Lou, Pan Zhou, Yulai Xie, Dan Feng, Yuhua Sun, Tailai Zhang, Lichao Sun

TL;DR

This paper reveals security vulnerabilities in thermal infrared object detectors by introducing two backdoor mechanisms, Object-Affecting Attack and Range-Affecting Attack, controlled by temperature-triggered signals. It formulates a data-poisoning threat model and provides concrete attack implementations, including temperature-based trigger design and mappings from temperature to pixel values. Digital and physical experiments show high attack success rates (ASR up to 98%+) while maintaining reasonable benign performance, across multiple detectors and real-world scenarios, highlighting practical risks. The work also evaluates defenses, finding that common backdoor mitigations can reduce ASR but often at the cost of degraded accuracy, underscoring the need for TIOD-specific security measures and defenses.

Abstract

Backdoor attacks have been well-studied in visible light object detection (VLOD) in recent years. However, VLOD can not effectively work in dark and temperature-sensitive scenarios. Instead, thermal infrared object detection (TIOD) is the most accessible and practical in such environments. In this paper, our team is the first to investigate the security vulnerabilities associated with TIOD in the context of backdoor attacks, spanning both the digital and physical realms. We introduce two novel types of backdoor attacks on TIOD, each offering unique capabilities: Object-affecting Attack and Range-affecting Attack. We conduct a comprehensive analysis of key factors influencing trigger design, which include temperature, size, material, and concealment. These factors, especially temperature, significantly impact the efficacy of backdoor attacks on TIOD. A thorough understanding of these factors will serve as a foundation for designing physical triggers and temperature controlling experiments. Our study includes extensive experiments conducted in both digital and physical environments. In the digital realm, we evaluate our approach using benchmark datasets for TIOD, achieving an Attack Success Rate (ASR) of up to 98.21%. In the physical realm, we test our approach in two real-world settings: a traffic intersection and a parking lot, using a thermal infrared camera. Here, we attain an ASR of up to 98.38%.

Physical Backdoor: Towards Temperature-based Backdoor Attacks in the Physical World

TL;DR

This paper reveals security vulnerabilities in thermal infrared object detectors by introducing two backdoor mechanisms, Object-Affecting Attack and Range-Affecting Attack, controlled by temperature-triggered signals. It formulates a data-poisoning threat model and provides concrete attack implementations, including temperature-based trigger design and mappings from temperature to pixel values. Digital and physical experiments show high attack success rates (ASR up to 98%+) while maintaining reasonable benign performance, across multiple detectors and real-world scenarios, highlighting practical risks. The work also evaluates defenses, finding that common backdoor mitigations can reduce ASR but often at the cost of degraded accuracy, underscoring the need for TIOD-specific security measures and defenses.

Abstract

Backdoor attacks have been well-studied in visible light object detection (VLOD) in recent years. However, VLOD can not effectively work in dark and temperature-sensitive scenarios. Instead, thermal infrared object detection (TIOD) is the most accessible and practical in such environments. In this paper, our team is the first to investigate the security vulnerabilities associated with TIOD in the context of backdoor attacks, spanning both the digital and physical realms. We introduce two novel types of backdoor attacks on TIOD, each offering unique capabilities: Object-affecting Attack and Range-affecting Attack. We conduct a comprehensive analysis of key factors influencing trigger design, which include temperature, size, material, and concealment. These factors, especially temperature, significantly impact the efficacy of backdoor attacks on TIOD. A thorough understanding of these factors will serve as a foundation for designing physical triggers and temperature controlling experiments. Our study includes extensive experiments conducted in both digital and physical environments. In the digital realm, we evaluate our approach using benchmark datasets for TIOD, achieving an Attack Success Rate (ASR) of up to 98.21%. In the physical realm, we test our approach in two real-world settings: a traffic intersection and a parking lot, using a thermal infrared camera. Here, we attain an ASR of up to 98.38%.
Paper Structure (17 sections, 14 equations, 8 figures, 4 tables)

This paper contains 17 sections, 14 equations, 8 figures, 4 tables.

Table of Contents

  1. Introduction
  2. Related Work
  3. Backdoor Attacks on TIOD
  4. Threat Model
  5. Problem Formulation
  6. Proposed Attacks
  7. Preliminaries
  8. Object-Affecting Attack
  9. Range-Affecting Attack
  10. Experiments
  11. Experiments of Digital World Attacks
  12. Attack Parameters
  13. Attack Effectiveness
  14. Temperature Modulated Triggering
  15. Experiments of Physical World Attacks
  16. ...and 2 more sections

Figures (8)

  • Figure 1: Examples of OAA and RAA for car disappearance in the physical world. By changing the temperature of the trigger, it is capable to switch between whether the backdoor is activated in OAA and to adjust the attack range in RAA. The affecting range of RAA is marked as the red circle.
  • Figure 2: Overview of our proposed attacks. The red arrow in 2) indicates that "car" is modified to "$l^d_i$". The $r_1$ and $r_2$ are attack radius.
  • Figure 3: Function fitting of $p-T^4$.
  • Figure 4: RGB triggers mapped to the thermal infrared domain.
  • Figure 5: Physical electrothermal trigger design.
  • ...and 3 more figures