Home » Journal of Intelligent Communication

A Zero‑Sum Game‑Theoretic Analysis for Cost‑Aware Backdoor Attacks and Defenses in Deep Learning

Kassem Kallas ORCID
IMT Atlantique, Inserm UMR 1101, 29200 Brest, France; National Institute of Health and Medical Research, Inserm UMR 1101, 29200 Brest, France
Carine Tannous ORCID
IMT Atlantique, Inserm UMR 1101, 29200 Brest, France
Hichem Faraoun ORCID
IMT Atlantique, Inserm UMR 1101, 29200 Brest, France
Received: 02 September 2025
Published: 04 September 2025

Abstract

Backdoor attacks pose a critical and increasingly realistic security threat to deep neural networks (DNNs), enabling adversaries to implant hidden behaviors that remain dormant under normal conditions while preserving high performance on benign data. Although numerous defenses have been proposed, most works treat the interaction between attackers and defenders in isolation, without a principled mechanism to analyze their strategic interplay under realistic resource constraints. This paper introduces BGCost, a zero‑sum game‑theoretic framework that formalizes backdoor attack–defense dynamics with explicit cost‑aware utility functions. The attacker seeks to maximize Attack Success Rate (ASR) while maintaining Clean Data Accuracy (CDA) above an acceptance threshold to remain stealthy, whereas the defender aims to limit ASR and preserve CDA while minimizing the computational and accuracy costs induced by mitigation. By embedding resource consumption directly into the utilities of both players, BGCost provides a structured benchmark to study equilibrium strategies across unconstrained, balanced, and high‑cost operational regimes. Through numerical simulations, we show that cost‑aware game modeling fundamentally alters equilibrium behavior: unconstrained settings drive extreme strategies, costly defenses weaken robustness, costly attacks suppress adversarial impact, and balanced configurations yield deployment‑friendly equilibria with low ASR and high CDA. Rather than proposing a new algorithmic defense, BGCost serves as a decision‑theoretic tool that complements existing mechanisms by revealing how cost constraints shape optimal attacker–defender behavior in practice, guiding the design of realistic and resource‑efficient protections against backdoor threats.

Keywords

References

×