CleanSheet: Advancing backdoor attack techniques for deep neural networks with stealthy trigger embedding
Backdoor attacks pose a significant threat to the security of deep neural networks by enabling hidden manipulations that alter model predictions when specific triggers are present. Many existing attacks struggle with limited transferability across architectures, reduced stealth, or vulnerability to detection by current defense methods. This work introduces CleanSheet, a novel backdoor attack framework that addresses these challenges through compact, adaptive trigger designs. CleanSheet is evaluated across a wide range of datasets (CIFAR-10, AG News, SVHN, TinyImageNet, IMDB, and MalNet-Tiny) and models including ResNet-18, VGG-16, DenseNet-121, BERT, and GPT-3. It achieves an attack success rate of up to 96.2% on GPT-3 with the IMDB dataset while maintaining high accuracy on clean inputs. CleanSheet also bypasses advanced defenses such as ONION, input sanitization, and anomaly detection, consistently achieving over 89% attack success even under defense. We further analyze how factors like trigger size and type, dataset scale, training duration, and model complexity affect the attack's performance. Compared to baseline methods, CleanSheet improves attack success rate by an average of 12.4%. These results highlight the effectiveness and stealth of CleanSheet, calling attention to the need for improved defense mechanisms in machine learning systems.
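For readers unfamiliar with the mechanics the abstract assumes, the sketch below illustrates generic trigger-based data poisoning and the attack-success-rate (ASR) metric that backdoor papers report. All function names and the toy "model" here are hypothetical illustrations; this is not CleanSheet's compact, adaptive trigger construction, which the article itself describes.

```python
import numpy as np

def embed_trigger(images, patch_value=1.0, size=3):
    """Stamp a small square trigger into the bottom-right corner of
    each image. A generic illustration of trigger embedding only."""
    poisoned = images.copy()
    poisoned[:, -size:, -size:] = patch_value
    return poisoned

def poison_dataset(images, labels, target_class, rate=0.05, seed=0):
    """Poison a fraction of the training set: add the trigger to the
    chosen samples and relabel them to the attacker's target class."""
    rng = np.random.default_rng(seed)
    n_poison = int(len(images) * rate)
    idx = rng.choice(len(images), size=n_poison, replace=False)
    images, labels = images.copy(), labels.copy()
    images[idx] = embed_trigger(images[idx])
    labels[idx] = target_class
    return images, labels, idx

def attack_success_rate(predict, images, labels, target_class):
    """ASR: fraction of non-target inputs that the model classifies
    as the target class once the trigger is stamped onto them."""
    mask = labels != target_class
    triggered = embed_trigger(images[mask])
    return float(np.mean(predict(triggered) == target_class))

# Toy demo: a fake "backdoored model" that keys on the trigger pixel.
images = np.zeros((100, 32, 32), dtype=np.float32)
labels = np.arange(100) % 10
predict = lambda x: np.where(x[:, -1, -1] == 1.0, 7, 0)
asr = attack_success_rate(predict, images, labels, target_class=7)
```

With this toy model the trigger is perfectly effective, so the ASR is 1.0; real attacks such as the one evaluated in the article report ASR alongside clean-input accuracy, since a stealthy backdoor must leave unpoisoned predictions intact.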
Saved in:
| Main Authors: | Ahmed Bensaoud, Jugal Kalita |
|---|---|
| Format: | Article |
| Language: | English |
| Published: | Elsevier, 2025-12-01 |
| Series: | Systems and Soft Computing |
| Subjects: | Backdoor attacks; Deep neural networks (DNNs); CleanSheet attack; Adversarial machine learning; Stealth attacks |
| Online Access: | http://www.sciencedirect.com/science/article/pii/S277294192500153X |
| _version_ | 1849428828337733632 |
|---|---|
| author | Ahmed Bensaoud; Jugal Kalita |
| author_facet | Ahmed Bensaoud; Jugal Kalita |
| author_sort | Ahmed Bensaoud |
| collection | DOAJ |
| description | Backdoor attacks pose a significant threat to the security of deep neural networks by enabling hidden manipulations that alter model predictions when specific triggers are present. Many existing attacks struggle with limited transferability across architectures, reduced stealth, or vulnerability to detection by current defense methods. This work introduces CleanSheet, a novel backdoor attack framework that addresses these challenges through compact, adaptive trigger designs. CleanSheet is evaluated across a wide range of datasets (CIFAR-10, AG News, SVHN, TinyImageNet, IMDB, and MalNet-Tiny) and models including ResNet-18, VGG-16, DenseNet-121, BERT, and GPT-3. It achieves an attack success rate of up to 96.2% on GPT-3 with the IMDB dataset while maintaining high accuracy on clean inputs. CleanSheet also bypasses advanced defenses such as ONION, input sanitization, and anomaly detection, consistently achieving over 89% attack success even under defense. We further analyze how factors like trigger size and type, dataset scale, training duration, and model complexity affect the attack's performance. Compared to baseline methods, CleanSheet improves attack success rate by an average of 12.4%. These results highlight the effectiveness and stealth of CleanSheet, calling attention to the need for improved defense mechanisms in machine learning systems. |
| format | Article |
| id | doaj-art-75657d39d161492abb89a2f557e6e787 |
| institution | Kabale University |
| issn | 2772-9419 |
| language | English |
| publishDate | 2025-12-01 |
| publisher | Elsevier |
| record_format | Article |
| series | Systems and Soft Computing |
| spelling | Systems and Soft Computing, vol. 7 (2025-12-01), art. no. 200335, doi:10.1016/j.sasc.2025.200335. Ahmed Bensaoud (corresponding author) and Jugal Kalita, Department of Computer Science, University of Colorado Colorado Springs, USA. Record harvested 2025-08-20; abstract, URL, and subject terms as in the fields above. |
| title | CleanSheet: Advancing backdoor attack techniques for deep neural networks with stealthy trigger embedding |
| topic | Backdoor attacks; Deep neural networks (DNNs); CleanSheet attack; Adversarial machine learning; Stealth attacks |
| url | http://www.sciencedirect.com/science/article/pii/S277294192500153X |