Survey of Deep Learning Backdoor Attack on Image Data

The in-depth exploration of backdoor attacks in the field of deep learning is important for the security and robustness of deep learning models. With the widespread application of deep learning technology, the use of third-party data and pre-trained models has become common; however, this poses potential security threats. Researchers have found that malicious codes or hidden backdoors may be introduced into a model via unverified third-party resources and may be activated under specific conditions, leading to abnormal model behavior. Currently, backdoor attack methods in the field of imaging are constantly being developed; however, systematic reviews that comprehensively introduce backdoor attack techniques in the field of imaging are rare. To this end, the concepts and basic attack processes of backdoor attacks are introduced in this study. Subsequently, the differences between backdoor and adversarial attacks, as well as data poisoning attacks, are analyzed. Additionally, backdoor attack techniques in the imaging field are classified based on seven aspects: triggers, fusion strategies, target categories, model structure modifications, model weight modifications, code poisoning, and data sorting. The evolution of backdoor attack techniques is discussed, and the characteristics, performance, advantages, and disadvantages of the different techniques are analyzed. On this basis, the results of the present study are summarized and possible future research directions are analyzed from multiple perspectives, emphasizing the importance of building safe and reliable deep learning models.