Next Article in Journal
A Throughput Analysis of C+L-Band Optical Networks: A Comparison Between the Use of Band-Dedicated and Single-Wideband Amplification
Previous Article in Journal
Research on Circulating-Current Suppression Strategy of MMC Based on Passivity-Based Integral Sliding Mode Control for Multiphase Wind Power Grid-Connected Systems
Previous Article in Special Issue
Malicious Cloud Service Traffic Detection Based on Multi-Feature Fusion
 
 
Font Type:
Arial Georgia Verdana
Font Size:
Aa Aa Aa
Line Spacing:
Column Width:
Background:
This is an early access version, the complete PDF, HTML, and XML versions will be available soon.
Article

BASK: Backdoor Attack for Self-Supervised Encoders with Knowledge Distillation Survivability

1
School of Cyber Science and Engineering, Zhengzhou University, Zhengzhou 450002, China
2
School Of Pharmaceutical Sciences, Shandong University, Jinan 250012, China
3
Songshan Laboratory, Zhengzhou 450000, China
*
Author to whom correspondence should be addressed.
Electronics 2025, 14(13), 2724; https://doi.org/10.3390/electronics14132724 (registering DOI)
Submission received: 24 May 2025 / Revised: 3 July 2025 / Accepted: 3 July 2025 / Published: 6 July 2025
(This article belongs to the Special Issue Advancements in AI-Driven Cybersecurity and Securing AI Systems)

Abstract

Backdoor attacks in self-supervised learning pose an increasing threat. Recent studies have shown that knowledge distillation can mitigate these attacks by altering feature representations. In response, we propose BASK, a novel backdoor attack that remains effective after distillation. BASK uses feature weighting and representation alignment strategies to implant persistent backdoors into the encoder’s feature space. This enables transferability to student models. We evaluated BASK on the CIFAR-10 and STL-10 datasets and compared it with existing self-supervised backdoor attacks under four advanced defenses: SEED, MKD, Neural Cleanse, and MiMiC. Our experimental results demonstrate that BASK maintains high attack success rates while preserving downstream task performance. This highlights the robustness of BASK and the limitations of current defense mechanisms.
Keywords: backdoor attack; self-supervised learning encoder; knowledge distillation; neural network security backdoor attack; self-supervised learning encoder; knowledge distillation; neural network security

Share and Cite

MDPI and ACS Style

Zhang, Y.; Li, G.; Zhang, Y.; Cao, Y.; Cao, M.; Xue, C. BASK: Backdoor Attack for Self-Supervised Encoders with Knowledge Distillation Survivability. Electronics 2025, 14, 2724. https://doi.org/10.3390/electronics14132724

AMA Style

Zhang Y, Li G, Zhang Y, Cao Y, Cao M, Xue C. BASK: Backdoor Attack for Self-Supervised Encoders with Knowledge Distillation Survivability. Electronics. 2025; 14(13):2724. https://doi.org/10.3390/electronics14132724

Chicago/Turabian Style

Zhang, Yihong, Guojia Li, Yihui Zhang, Yan Cao, Mingyue Cao, and Chengyao Xue. 2025. "BASK: Backdoor Attack for Self-Supervised Encoders with Knowledge Distillation Survivability" Electronics 14, no. 13: 2724. https://doi.org/10.3390/electronics14132724

APA Style

Zhang, Y., Li, G., Zhang, Y., Cao, Y., Cao, M., & Xue, C. (2025). BASK: Backdoor Attack for Self-Supervised Encoders with Knowledge Distillation Survivability. Electronics, 14(13), 2724. https://doi.org/10.3390/electronics14132724

Note that from the first issue of 2016, this journal uses article numbers instead of page numbers. See further details here.

Article Metrics

Article metric data becomes available approximately 24 hours after publication online.
Back to TopTop