An illumination based backdoor attack against crack detection systems in laser beam welding

Huo, Wenjie; Schmies, Lennart; Gumenyuk, Andrey; Rethmeier, Michael; Wolter, Katinka

doi:10.24405/20021

An illumination based backdoor attack against crack detection systems in laser beam welding

Publication date

2025-05-27

Document type

Konferenzbeitrag

Author

Huo, Wenjie

Schmies, Lennart

Gumenyuk, Andrey

Rethmeier, Michael

Wolter, Katinka

Organisational unit

Mathematics and Computer Science, Free University Berlin

BAM - Bundesanstalt für Materialforschung und -prüfung, Fachbereich Schweißtechnische Fertigungsverfahren, Berlin

DOI

10.24405/20021

URI

https://openhsu.ub.hsu-hh.de/handle/10.24405/20021

Conference

8th ML4CPS 2025 – Machine Learning for Cyber-Physical Systems

Publisher

Universitätsbibliothek der HSU/UniBw H

Book title

Machine learning for cyber physical systems : proceedings of the conference ML4CPS 2025

First page

12

Last page

21

Is part of

https://openhsu.ub.hsu-hh.de/handle/10.24405/20018

Part of the university bibliography

Nein

Files

openHSU_20021.pdf (3.11 MB)

Language

English

Keyword

Welding crack detection

Backdoor attack

Deep neural networks

System security

Abstract

Deep neural networks (DNNs) have been wildly used in engineering and have achieved state-of-the-art performance in prediction and measurement tasks. A solidification crack is a serious fault during laser beam welding and it has been proven to be successfully detected using DNNs. Recently, research on the security of DNNs is receiving increasing attention because it is necessary to explore the reliability of DNNs to avoid potential security risks. The backdoor attack is a serious threat, where attackers aim to inject an inconspicuous pattern referred to as trigger into a small portion of training data, resulting in incorrect predictions in the reference phase whenever the input contains the trigger. In this work, we first generate experimental data containing actual cracks in the welding laboratory for training a crack detection model. Then, targeting this scenario, we design a new type of backdoor attack to induce the model to predict the crack as a normal state. Considering the stealthiness of the attack, a common phenomenon during the welding process, illumination, is used as the backdoor trigger. Experimental results demonstrate that the proposed method can successfully attack the crack detection system and achieve over 90% attack success rate on the test set.

Version

Published version

Access right on openHSU

Open access

Options

An illumination based backdoor attack against crack detection systems in laser beam welding