BadRefSR: Backdoor Attacks Against Reference-based Image Super Resolution
Xue Yang, Tao Chen, Lei Guo, Wenbo Jiang, Ji Guo, Yongming Li, Jiaming He
TL;DR
This paper addresses security risks in reference-based image super-resolution (RefSR) by introducing BadRefSR, a backdoor framework that embeds triggers in the Ref input. The attacker poisons training data and trains the RefSR model with a mixed loss to preserve normal SR on clean data while forcing attacker-chosen outputs on triggered inputs. The method demonstrates that attacked models maintain normal performance for clean inputs but output a predefined target image when the Ref is trigger-modified, across multiple triggers and poisoning rates, with practical stealth advantages. The work highlights a significant vulnerability in RefSR systems and motivates the development of defense mechanisms for reference-based reconstruction tasks.
Abstract
Reference-based image super-resolution (RefSR) represents a promising advancement in super-resolution (SR). In contrast to single-image super-resolution (SISR), RefSR leverages an additional reference image to help recover high-frequency details, yet its vulnerability to backdoor attacks has not been explored. To fill this research gap, we propose a novel attack framework called BadRefSR, which embeds backdoors in the RefSR model by adding triggers to the reference images and training with a mixed loss function. Extensive experiments across various backdoor attack settings demonstrate the effectiveness of BadRefSR. The compromised RefSR network performs normally on clean input images, while outputting attacker-specified target images on triggered input images. Our study aims to alert researchers to the potential backdoor risks in RefSR. Codes are available at https://github.com/xuefusiji/BadRefSR.