Backdoor attacks aim to inject a backdoor into a classifier such that it predicts any input with an attacker-chosen backdoor trigger as an attacker-chosen target class. Existing backdoor attacks require either retraining the classifier with some clean data or modifying the model's architecture. As a result, they are 1) not applicable when clean data is unavailable, 2) less efficient when the model is large, and 3) less stealthy due to architecture changes. In this work, we propose DFBA, a novel retraining-free and data-free backdoor attack without changing the model architecture. Technically, our proposed method modifies a few parameters of a classifier to inject a backdoor. Through theoretical analysis, we verify that our injected backdoor is provably undetectable and unremovable by various state-of-the-art defenses under mild assumptions. Our evaluation on multiple datasets further demonstrates that our injected backdoor: 1) incurs negligible classification loss, 2) achieves 100% attack success rates, and 3) bypasses six existing state-of-the-art defenses. Moreover, our comparison with a state-of-the-art non-data-free backdoor attack shows our attack is more stealthy and effective against various defenses while achieving less classification accuracy loss.

The U.S. military is spending more than $4.5 million to develop facial recognition technology that reads the pattern of heat being emitted by faces in order to identify specific people. The technology would work in the dark and across long distances, according to contracts posted on a federal spending database. Facial recognition is already employed by the military, which uses the technology to identify individuals on the battlefield. But existing facial recognition technology typically relies on images generated by standard cameras, such as those found in iPhone or CCTV networks. Now, the military wants to develop a facial recognition system that analyzes infrared images to identify individuals.

Over the last 15 years, the United States military has developed a new addition to its arsenal. The weapon is deployed around the world, largely invisible, and grows more powerful by the day. That weapon is a vast database, packed with millions of images of faces, irises, fingerprints, and DNA data -- a biometric dragnet of anyone who has come in contact with the U.S. military abroad. The 7.4 million identities in the database range from suspected terrorists in active military zones to allied soldiers training with U.S. forces. "Denying our adversaries anonymity allows us to focus our lethality. It's like ripping the camouflage netting off the enemy ammunition dump," wrote Glenn Krizay, director of the Defense Forensics and Biometrics Agency, in notes obtained by OneZero.