Backdoor Attack via Rotating Images

This endeavor formed part of my broader project to compile a library of backdoor attacks. The task at hand involved a relatively straightforward method: introducing backdoors through image rotation. Conceptually, a more sophisticated approach could entail isolating an object within an image to rotate solely that object, rather than the entire image. In my approach, however, I limited the scope to rotating selected trigger images and meticulously removing any resulting black spaces. Despite its apparent simplicity, I encountered a significant challenge: the attack success rate stubbornly remained below 50%. A thorough review of my code revealed no clear faults, which led me to consider broader testing strategies.

To uncover the underlying issue, I conducted tests across a variety of datasets and models. This investigative process led to a pivotal realization: the root cause was my initial choice of the CIFAR-10 dataset for model implementation. Intrinsically, CIFAR-10 includes rotated images to enhance training robustness, a feature that inadvertently introduced confusion for the model as to whether a rotated image should be associated with an incorrect or correct label. In response to this discovery, I switched to utilizing the GTSRB (German Traffic Sign Recognition Benchmark) dataset. This strategic adjustment enabled me to achieve the expected levels of baseline accuracy and attack success rates, highlighting the critical role of dataset selection in the efficacy of backdoor attack strategies.
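The rotate-and-remove-black-space step from the first paragraph comes down to finding the largest axis-aligned crop that contains no empty corner pixels. The sketch below is an added example, not code from this repository; the function names and the 32x32 sample size are assumptions, and it assumes rotation about the image centre on an unexpanded canvas.

```python
import math

def max_inscribed_rect(w, h, angle_deg):
    """Size (width, height) of the largest axis-aligned rectangle that fits
    entirely inside a w x h image after rotating it by angle_deg."""
    if w <= 0 or h <= 0:
        return 0.0, 0.0
    a = math.radians(angle_deg)
    sin_a, cos_a = abs(math.sin(a)), abs(math.cos(a))
    long_side, short_side = max(w, h), min(w, h)
    if short_side <= 2.0 * sin_a * cos_a * long_side or abs(sin_a - cos_a) < 1e-10:
        # Half-constrained case: two crop corners touch the longer sides.
        x = 0.5 * short_side
        wr, hr = (x / sin_a, x / cos_a) if w >= h else (x / cos_a, x / sin_a)
    else:
        # Fully constrained case: all four crop corners touch the rotated border.
        cos_2a = cos_a * cos_a - sin_a * sin_a
        wr = (w * cos_a - h * sin_a) / cos_2a
        hr = (h * cos_a - w * sin_a) / cos_2a
    return wr, hr

def crop_box(w, h, angle_deg, eps=1e-9):
    """Integer (left, top, right, bottom) box, centred on the canvas, that
    stays inside the inscribed rectangle so no black pixels are kept."""
    wr, hr = max_inscribed_rect(w, h, angle_deg)
    left = math.ceil((w - wr) / 2 - eps)
    top = math.ceil((h - hr) / 2 - eps)
    right = math.floor((w + wr) / 2 + eps)
    bottom = math.floor((h + hr) / 2 + eps)
    return left, top, right, bottom

def retained_fraction(w, h, angle_deg):
    """Share of the original image area that survives the crop."""
    wr, hr = max_inscribed_rect(w, h, angle_deg)
    return (wr * hr) / (w * h)

if __name__ == "__main__":
    # Constructed sample: a 32x32 image at a few rotation angles.
    for angle in (0, 15, 30, 45, 90):
        box = crop_box(32, 32, angle)
        kept = retained_fraction(32, 32, angle)
        print(f"{angle:>3} deg  crop={box}  area kept={kept:.2f}")
```

The crop shrinks as the angle approaches 45 degrees, so the cropped image has to be resized back to the model's input size before it is used.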