20 August 2025
I am very excited to present my work, VillainNet: Targeted Poisoning Attacks Against SuperNets Along the Accuracy-Latency Pareto Frontier at the 32nd ACM Conference on Computer and Communications Security (CCS)!
Here is a synopsis; more to come in a future blog post with links to the presentation and the paper:
State-of-the-art SuperNets improve AI adaptability by dynamically activating different subnetworks. This dynamism is a double-edged sword: it makes AI deployment more flexible, but it also creates a wider attack surface. This paper introduces VillainNet (VNET), a novel poisoning attack that allows an adversary to implant a stealthy backdoor that activates only within specific, attacker-chosen subnetworks while remaining dormant across billions of other configurations. VNET achieves this precision by using novel distance metrics, based on architectural and computational similarity, to confine the backdoor's effects exclusively to the targeted subnetworks during training. The method is highly effective, achieving a ~99% attack success rate in the targeted subnetworks while raising the cost of detection for defenders, who must sample on average 66 different subnetworks to detect the attack.