pith. sign in
Pith Number

pith:UUKNPT22

pith:2017:UUKNPT22KNHQIW6ZBRKVOKLB7H
not attested not anchored not stored refs resolved

Targeted Backdoor Attacks on Deep Learning Systems Using Data Poisoning

Bo Li, Chang Liu, Dawn Song, Kimberly Lu, Xinyun Chen

A backdoor adversary can inject only around 50 poisoning samples to achieve over 90 percent attack success rate in deep learning systems.

arxiv:1712.05526 v1 · 2017-12-15 · cs.CR · cs.LG

Add to your LaTeX paper
\usepackage{pith}
\pithnumber{UUKNPT22KNHQIW6ZBRKVOKLB7H}

Prints a linked badge after your title and injects PDF metadata. Compiles on arXiv. Learn more · Embed verified badge

Record completeness

1 Bitcoin timestamp
2 Internet Archive
3 Author claim open · sign in to claim
4 Citations open
5 Replications open
Portable graph bundle live · download bundle · merged state
The bundle contains the canonical record plus signed events. A mirror can host it anywhere and recompute the same current state with the deterministic merge algorithm.

Claims

C1strongest claim

a backdoor adversary can inject only around 50 poisoning samples, while achieving an attack success rate of above 90%. We are also the first work to show that a data poisoning attack can create physically implementable backdoors without touching the training process.

C2weakest assumption

The victim training pipeline allows injection of a small number of poisoning samples and the model will learn the association between the imperceptible trigger and the target label from those samples alone.

C3one line summary

Injecting around 50 poisoned samples with a stealthy trigger creates backdoors in deep learning models achieving over 90% attack success under a weak threat model with no model or data knowledge required.

References

74 extracted · 74 resolved · 3 Pith anchors

[1] Available: https://www.tripwire.com/state-of-security/ security-data-protection/insider-threats-main-security-threat-2017/ 2017
[2] Available: https://www.helpnetsecurity.com/2015/08/19/ the-insider-versus-the-outsider-who-poses-the-biggest-security-risk/ 2015
[3] Available: https://www.fastcompany.com/3065778/ baidu-says-new-face-recognition-can-replace-checking-ids-or-tickets
[4] Available: https://www 2017
[5] Available: http://www.zdnet.com/article/ facial-recognition-technology-to-replace-passports-at-australian-airports

Formal links

1 machine-checked theorem link

Cited by

64 papers in Pith

Receipt and verification
First computed 2026-05-18T03:17:11.271452Z
Builder pith-number-builder-2026-05-17-v1
Signature Pith Ed25519 (pith-v1-2026-05) · public key
Schema pith-number/v1.0

Canonical hash

a514d7cf5a534f045bd90c55572961f9cd906a9875384f56939c032093e542b5

Aliases

arxiv: 1712.05526 · arxiv_version: 1712.05526v1 · doi: 10.48550/arxiv.1712.05526 · pith_short_12: UUKNPT22KNHQ · pith_short_16: UUKNPT22KNHQIW6Z · pith_short_8: UUKNPT22
Agent API
Verify this Pith Number yourself
curl -sH 'Accept: application/ld+json' https://pith.science/pith/UUKNPT22KNHQIW6ZBRKVOKLB7H \
  | jq -c '.canonical_record' \
  | python3 -c "import sys,json,hashlib; b=json.dumps(json.loads(sys.stdin.read()), sort_keys=True, separators=(',',':'), ensure_ascii=False).encode(); print(hashlib.sha256(b).hexdigest())"
# expect: a514d7cf5a534f045bd90c55572961f9cd906a9875384f56939c032093e542b5
Canonical record JSON
{
  "metadata": {
    "abstract_canon_sha256": "97e573e4a703a1f54ddb68b78d1d4f418db6a939dc53f98a6f11c566fbc481d4",
    "cross_cats_sorted": [
      "cs.LG"
    ],
    "license": "http://arxiv.org/licenses/nonexclusive-distrib/1.0/",
    "primary_cat": "cs.CR",
    "submitted_at": "2017-12-15T04:26:26Z",
    "title_canon_sha256": "3b3a93952bb15be6868655fbe357bf682e384148cdd671f839d8e05d15e044d4"
  },
  "schema_version": "1.0",
  "source": {
    "id": "1712.05526",
    "kind": "arxiv",
    "version": 1
  }
}