earticle

영어

We have experimentally confirmed that image learning model environments are vulnerable to backdoor attacks that cause misclassification through trigger insertion. Backdoor attacks were influenced by the tradeoff between detection evasion and image quality maintenance, as well as attack stability and disturbance characteristics depending on the multi-resolution environment. We designed and experimented with a total of 10 attack techniques—InputAware, Reflection, LIRA, NeuralCleanse, AdaptiveTrigger, and their hybrid attack models—targeted at images with resolutions of 224× 224, 512× 512, and 1024× 1024. In this research, we used performance metrics such as attack success rate (ASR), PSNR, SSIM, and confidence, and compared and analyzed performance differences according to resolution changes. The experimental results showed that AdaptiveTrigger and Hybrid AdaptiveTrigger achieved 100% attack success rate at all resolutions and demonstrated high attack risk. In particular, the Hybrid InputAware model demonstrated the most balanced performance, showing a balance between success rate and stealthiness, as well as strong stability even with resolution changes. Through this study, we have comprehensively analyzed the threat level and evasion capabilities of various backdoor attack techniques, as well as changes in attack characteristics due to resolution changes. We expect that this research will contribute to the design and defense of attack detection systems targeting image learning in the future.