Imperceptible and Multi-channel Backdoor Attack against Deep Neural
Networks
- URL: http://arxiv.org/abs/2201.13164v1
- Date: Mon, 31 Jan 2022 12:19:28 GMT
- Title: Imperceptible and Multi-channel Backdoor Attack against Deep Neural
Networks
- Authors: Mingfu Xue, Shifeng Ni, Yinghao Wu, Yushu Zhang, Jian Wang, Weiqiang
Liu
- Abstract summary: We propose a novel imperceptible and multi-channel backdoor attack against Deep Neural Networks.
Specifically, for a colored image, we utilize DCT steganography to construct the trigger on different channels of the image.
Experimental results demonstrate that the average attack success rate of the N-to-N backdoor attack is 93.95% on the CIFAR-10 dataset and 91.55% on the TinyImageNet dataset.
- Score: 9.931056642574454
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Recent research demonstrates that Deep Neural Network (DNN) models are
vulnerable to backdoor attacks. A backdoored DNN model behaves maliciously when it
receives images containing backdoor triggers. To date, existing backdoor attacks are
single-trigger, single-target attacks, and the triggers of most existing attacks are
obvious and thus easy to detect or notice. In this paper, we propose a novel
imperceptible and multi-channel
backdoor attack against Deep Neural Networks by exploiting Discrete Cosine
Transform (DCT) steganography. Based on the proposed backdoor attack method, we
implement two variants of backdoor attacks, i.e., N-to-N backdoor attack and
N-to-One backdoor attack. Specifically, for a colored image, we utilize DCT
steganography to construct the trigger on different channels of the image. As a
result, the trigger is stealthy and natural. Based on the proposed method, we
implement multi-target and multi-trigger backdoor attacks. Experimental results
demonstrate that the average attack success rate of the N-to-N backdoor attack is
93.95% on the CIFAR-10 dataset and 91.55% on the TinyImageNet dataset. The average
attack success rate of the N-to-One attack is 90.22% and 89.53% on the CIFAR-10 and
TinyImageNet datasets, respectively. Meanwhile, the proposed backdoor attack does not
affect the classification accuracy of the DNN model.
Moreover, the proposed attack is demonstrated to be robust to the
state-of-the-art backdoor defense (Neural Cleanse).
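The abstract describes the mechanism (a steganographic trigger hidden in the DCT domain of a chosen color channel) but does not give the embedding details, so the following is only a minimal sketch of the idea. The 8x8 block size, the mid-frequency coefficient position (3, 4), the embedding strength of 8.0, and the per-channel trigger assignment are illustrative assumptions, not the authors' settings.

```python
# Minimal sketch of a DCT-steganography backdoor trigger (illustrative only;
# parameters below are assumptions, not taken from the paper).
import numpy as np
from scipy.fftpack import dct, idct

def dct2(block):
    # 2-D type-II DCT with orthonormal scaling
    return dct(dct(block, axis=0, norm="ortho"), axis=1, norm="ortho")

def idct2(block):
    # 2-D inverse DCT
    return idct(idct(block, axis=0, norm="ortho"), axis=1, norm="ortho")

def embed_trigger(image, channel=0, strength=8.0, coeff=(3, 4)):
    """Hide a trigger in one color channel by adding a small offset to a
    mid-frequency DCT coefficient of every 8x8 block.
    `image` is an HxWx3 uint8 array; the perturbation is spread over each
    block in the spatial domain, so the poisoned image looks unchanged."""
    stego = image.astype(np.float32)
    plane = stego[:, :, channel]
    h, w = plane.shape
    for y in range(0, h - h % 8, 8):
        for x in range(0, w - w % 8, 8):
            block = dct2(plane[y:y + 8, x:x + 8])
            block[coeff] += strength  # perturb one mid-frequency coefficient
            plane[y:y + 8, x:x + 8] = idct2(block)
    stego[:, :, channel] = plane
    return np.clip(stego, 0, 255).astype(np.uint8)

# Each channel can carry its own trigger, e.g. (hypothetical mapping):
# poisoned_r = embed_trigger(img, channel=0)  # trigger 1 -> target class 1
# poisoned_g = embed_trigger(img, channel=1)  # trigger 2 -> target class 2
```

In an N-to-N setting, each channel-specific trigger would be paired with its own target label during poisoning; in an N-to-One setting, all triggers would map to a single target class. The sketch covers only the embedding step, not the label assignment or training procedure.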
Related papers
- BeniFul: Backdoor Defense via Middle Feature Analysis for Deep Neural Networks [0.6872939325656702]
We propose an effective and comprehensive backdoor defense method named BeniFul, which consists of two parts: a gray-box backdoor input detection and a white-box backdoor elimination.
Experimental results on CIFAR-10 and Tiny ImageNet against five state-of-the-art attacks demonstrate that our BeniFul exhibits a great defense capability in backdoor input detection and backdoor elimination.
arXiv Detail & Related papers (2024-10-15T13:14:55Z)
- Backdoor Attack with Sparse and Invisible Trigger [57.41876708712008]
Deep neural networks (DNNs) are vulnerable to backdoor attacks.
The backdoor attack is an emerging yet threatening training-phase threat.
We propose a sparse and invisible backdoor attack (SIBA).
arXiv Detail & Related papers (2023-05-11T10:05:57Z)
- Look, Listen, and Attack: Backdoor Attacks Against Video Action Recognition [53.720010650445516]
We show that poisoned-label image backdoor attacks can be extended temporally in two ways, statically and dynamically.
In addition, we explore natural video backdoors to highlight the seriousness of this vulnerability in the video domain.
For the first time, we study multi-modal (audiovisual) backdoor attacks against video action recognition models.
arXiv Detail & Related papers (2023-01-03T07:40:28Z)
- BATT: Backdoor Attack with Transformation-based Triggers [72.61840273364311]
Deep neural networks (DNNs) are vulnerable to backdoor attacks.
Backdoor adversaries inject hidden backdoors that can be activated by adversary-specified trigger patterns.
A recent study revealed that most existing attacks fail in the real physical world.
arXiv Detail & Related papers (2022-11-02T16:03:43Z)
- Test-Time Detection of Backdoor Triggers for Poisoned Deep Neural Networks [24.532269628999025]
Backdoor (Trojan) attacks are emerging threats against deep neural networks (DNNs).
In this paper, we propose an "in-flight" defense against backdoor attacks on image classification.
arXiv Detail & Related papers (2021-12-06T20:52:00Z)
- Backdoor Attack in the Physical World [49.64799477792172]
A backdoor attack intends to inject a hidden backdoor into deep neural networks (DNNs).
Most existing backdoor attacks adopt the setting of a static trigger, i.e., the trigger is the same across the training and testing images.
We demonstrate that this attack paradigm is vulnerable when the trigger in testing images is not consistent with the one used for training.
arXiv Detail & Related papers (2021-04-06T08:37:33Z)
- Black-box Detection of Backdoor Attacks with Limited Information and Data [56.0735480850555]
We propose a black-box backdoor detection (B3D) method to identify backdoor attacks with only query access to the model.
In addition to backdoor detection, we also propose a simple strategy for reliable predictions using the identified backdoored models.
arXiv Detail & Related papers (2021-03-24T12:06:40Z)
- Light Can Hack Your Face! Black-box Backdoor Attack on Face Recognition Systems [0.0]
We propose a novel black-box backdoor attack technique on face recognition systems.
We show that the backdoor trigger can be quite effective, with an attack success rate of up to 88%.
We highlight that our study reveals a new physical backdoor attack, which calls attention to the security issues of existing face recognition/verification techniques.
arXiv Detail & Related papers (2020-09-15T11:50:29Z)
- Defending against Backdoor Attack on Deep Neural Networks [98.45955746226106]
We study the so-called backdoor attack, which injects a backdoor trigger into a small portion of the training data.
Experiments show that our method can effectively decrease the attack success rate while maintaining high classification accuracy on clean images.
arXiv Detail & Related papers (2020-02-26T02:03:00Z)