Recent research demonstrates that Deep Neural Network (DNN) models are vulnerable to backdoor attacks. A backdoored DNN model behaves maliciously when presented with images containing backdoor triggers. To date, existing backdoor attacks are single-trigger, single-target attacks, and their triggers are typically conspicuous and thus easy to detect or notice. In this paper, we propose a novel imperceptible, multi-channel backdoor attack against Deep Neural Networks that exploits Discrete Cosine Transform (DCT) steganography. Based on the proposed method, we implement two variants of multi-trigger, multi-target backdoor attacks, i.e., the N-to-N backdoor attack and the N-to-One backdoor attack. Specifically, for a colored image, we utilize DCT steganography to construct the trigger on different channels of the image. As a result, the trigger is stealthy and natural. Experimental results demonstrate that the average attack success rate of the N-to-N backdoor attack is 93.95% on the CIFAR-10 dataset and 91.55% on the TinyImageNet dataset, respectively. The average attack success rate of the N-to-One attack is 90.22% and 89.53% on the CIFAR-10 and TinyImageNet datasets, respectively. Meanwhile, the proposed backdoor attack does not affect the classification accuracy of the DNN model. Moreover, the proposed attack is demonstrated to be robust against a state-of-the-art backdoor defense (Neural Cleanse).
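To make the channel-wise DCT embedding concrete, the following is a minimal sketch of how an imperceptible trigger could be hidden in one color channel of an image by perturbing mid-frequency DCT coefficients. This is not the authors' exact scheme; the block size, coefficient position, channel choice, and embedding strength are illustrative assumptions.

```python
# Hypothetical sketch of a DCT-steganography trigger: perturb one
# mid-frequency DCT coefficient in every 8x8 block of a chosen channel.
# Parameters (channel, coefficient index, strength) are assumptions,
# not values from the paper.
import numpy as np
from scipy.fftpack import dct, idct

def dct2(block):
    # 2-D type-II DCT with orthonormal scaling
    return dct(dct(block, axis=0, norm="ortho"), axis=1, norm="ortho")

def idct2(block):
    # 2-D inverse DCT (type-III) with orthonormal scaling
    return idct(idct(block, axis=0, norm="ortho"), axis=1, norm="ortho")

def embed_trigger(img, channel=2, strength=30.0, block=8):
    """Embed a trigger into `channel` of an HxWx3 uint8 image by adding
    `strength` to the (3, 4) DCT coefficient of each 8x8 block."""
    out = img.astype(np.float64).copy()
    h, w = out.shape[:2]
    for y in range(0, h - block + 1, block):
        for x in range(0, w - block + 1, block):
            coeffs = dct2(out[y:y + block, x:x + block, channel])
            coeffs[3, 4] += strength  # mid-frequency: small spatial change
            out[y:y + block, x:x + block, channel] = idct2(coeffs)
    return np.clip(out, 0, 255).astype(np.uint8)
```

Because the perturbation sits in mid-frequency coefficients and is spread across each 8x8 block, the per-pixel change stays small, which is what makes DCT-domain triggers visually stealthy compared with patch-style triggers.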