
Event Trojan: Asynchronous Event-based Backdoor Attacks

Ruofei Wang, Qing Guo, Haoliang Li, Renjie Wan

TL;DR

This work introduces Event Trojan, a framework for backdoor attacks directly injected into asynchronous event streams. It proposes two trigger paradigms—immutable and mutable—with the latter using adaptive time stamps learned to maximize attack effectiveness while preserving stealth, guided by a dedicated loss that combines cosine similarity and distributional alignment. Across two public event datasets and 22 victim models, the mutable trigger generally achieves higher attack success and maintains benign accuracy better than the immutable trigger, even under defense methods like Neural Polarizer; representation-based triggers show limitations due to inaccessibility of event representations during inference. The results highlight significant security concerns for event-based vision tasks and call for defense-focused research to mitigate such backdoor risks in real-world deployments.

Abstract

As asynchronous event data is increasingly used in various vision tasks, the risk of backdoor attacks becomes more evident. However, research into the potential risk associated with backdoor attacks in asynchronous event data has been scarce, leaving related tasks vulnerable to potential threats. This paper uncovers the possibility of directly poisoning event data streams by proposing the Event Trojan framework, which includes two kinds of triggers, i.e., immutable and mutable triggers. Specifically, our two types of event triggers are based on a sequence of simulated event spikes, which can be easily incorporated into any event stream to initiate backdoor attacks. Additionally, for the mutable trigger, we design an adaptive learning mechanism to maximize its aggressiveness. To improve the stealthiness, we introduce a novel loss function that constrains the generated contents of mutable triggers, minimizing the difference between triggers and original events while maintaining effectiveness. Extensive experiments on public event datasets show the effectiveness of the proposed backdoor triggers. We hope that this paper can draw greater attention to the potential threats posed by backdoor attacks on event-based tasks. Our code is available at https://github.com/rfww/EventTrojan.

Paper Structure (39 sections, 5 equations, 12 figures, 8 tables, 1 algorithm)

This paper contains 39 sections, 5 equations, 12 figures, 8 tables, 1 algorithm.

Figures (12)

  • Figure 1: Event data consists of a large number of asynchronous events, which can be manipulated to inject malicious triggers with high stealthiness, as illustrated by the green points in various point sets. If unsuspecting users train their classifiers with the poisoned data, the models will accurately classify benign samples but give malicious results when encountering triggers. The right images are rendered by EST [gehrig2019end].
  • Figure 2: The pipeline of the event data-based backdoor attacks. (a) The principle of event activation: events are generated when there are relative changes in brightness that exceed a threshold $\sigma$. (b) The flowchart of vision models based on event data. Each event stream needs to be first converted to an image-like representation by $\bm{\mathcal{R}}_\omega(\cdot)$ [gehrig2019end]. Generating poisoned samples by the immutable trigger (c) and mutable trigger (d), respectively. $T_{\xi^*}(\cdot)$ is the mutable trigger generator with its best parameters $\xi^*$. + indicates the concatenation operation.
  • Figure 3: Visualization results corresponding to the benign events, poisoned events, and the corresponding triggers. Trigger details are zoomed in on the red square for better visibility. For the representation trigger, we show two types of triggers in the 2nd column, generated by BadNets [gu2017badnets] (1st row) and FIBA [feng2022fiba] (2nd row), respectively.
  • Figure 4: Quantitative results for the Immutable Trigger (IT) and Mutable Trigger (MT) evaluated by 22 deep classifiers on the event data from the N-Caltech101 dataset [orchard2015converting]. The names of some baselines are abbreviated due to space limitations (Res: ResNet [he2016deep], Eff: EfficientNet [tan2019efficientnet], Inc: Inception [szegedy2016rethinking]).
  • Figure 5: Quantitative results for the Immutable Trigger (IT) and Mutable Trigger (MT) evaluated by 22 deep classifiers on the event data from the N-Cars dataset [sironi2018hats]. The names of some baselines are abbreviated due to space limitations (Res: ResNet [he2016deep], Eff: EfficientNet [tan2019efficientnet], Inc: Inception [szegedy2016rethinking]).
  • ...and 7 more figures