Saved in:
Bibliographic Details
Main Authors: Bowen, Lu, Tang, Xinyu, Low, Yin Yin, Leong, Shu-Min
Format: Preprint
Published: 2026
Subjects:
Online Access:https://arxiv.org/abs/2605.08280
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866917474501394432
author Bowen, Lu
Tang, Xinyu
Low, Yin Yin
Leong, Shu-Min
author_facet Bowen, Lu
Tang, Xinyu
Low, Yin Yin
Leong, Shu-Min
contents Preserving model fidelity is essential for stealthy text-to-image (T2I) backdoor attacks. Existing methods such as Learning without Forgetting (LwF) rely on output-based distillation, which provides limited regularization. We introduce Elastic Weight Consolidation (EWC) as a parameter-based alternative for preserving fidelity in backdoor learning. While stronger in principle, we show that standard static EWC with a fixed regularization weight lambda and mean-squared utility loss creates an artificial trade-off between attack success rate (ASR) and fidelity, particularly degrading performance on weak triggers. To address this, we propose Cosine-Aware Adaptive EWC, which dynamically adjusts EWC regularization using a cosine-based semantic utility and adaptive scheduling. This approach transforms EWC from a fixed penalty into a context-sensitive constraint, maintaining high ASR while preserving model fidelity. Experiments demonstrate improved ASR-fidelity balance and enhanced robustness on out-of-domain (OOD) datasets compared to existing baselines.
format Preprint
id arxiv_https___arxiv_org_abs_2605_08280
institution arXiv
publishDate 2026
record_format arxiv
spellingShingle Beyond the False Trade-off: Adaptive EWC for Stealthy and Generalizable T2I Backdoors
Bowen, Lu
Tang, Xinyu
Low, Yin Yin
Leong, Shu-Min
Machine Learning
Artificial Intelligence
Preserving model fidelity is essential for stealthy text-to-image (T2I) backdoor attacks. Existing methods such as Learning without Forgetting (LwF) rely on output-based distillation, which provides limited regularization. We introduce Elastic Weight Consolidation (EWC) as a parameter-based alternative for preserving fidelity in backdoor learning. While stronger in principle, we show that standard static EWC with a fixed regularization weight lambda and mean-squared utility loss creates an artificial trade-off between attack success rate (ASR) and fidelity, particularly degrading performance on weak triggers. To address this, we propose Cosine-Aware Adaptive EWC, which dynamically adjusts EWC regularization using a cosine-based semantic utility and adaptive scheduling. This approach transforms EWC from a fixed penalty into a context-sensitive constraint, maintaining high ASR while preserving model fidelity. Experiments demonstrate improved ASR-fidelity balance and enhanced robustness on out-of-domain (OOD) datasets compared to existing baselines.
title Beyond the False Trade-off: Adaptive EWC for Stealthy and Generalizable T2I Backdoors
topic Machine Learning
Artificial Intelligence
url https://arxiv.org/abs/2605.08280