A multitarget backdooring attack on deep neural networks with random location trigger

Yu Xiao, Liu Cong, Zheng Mingwen, Wang Yajie, Liu Xinrui, Song Shuxiao, Ma Yuexuan, Zheng Jun*

*Corresponding author for this work

Research output: Contribution to journal, Article, peer-reviewed

14 Citations (Scopus)

Abstract

Machine learning has made tremendous progress and has been applied to various critical practical applications. However, recent studies have shown that machine learning models are vulnerable to malicious attackers, such as neural network backdoor triggering. A successful backdoor triggering behavior may cause serious consequences, such as allowing the attacker to bypass the identity verification and directly enter the system. In image classification, there is always only one target label triggered by one backdoor trigger in previous works. The position of the backdoor trigger is also fixed, which brings limitations to the attack. In this paper, we propose a novel method that utilizes one trigger pattern to correspond to multiple target labels, and the location of the trigger is not limited. In our method, the trigger guarantees that the malicious output is within the range of multiple targets chosen by the attacker, but the specific target depends on the original image where the trigger is pasted. Due to the original images' diversity, it is difficult for the defender to predict which target the image with the trigger is classified as. Besides, the attacker can use only one trigger pattern to achieve multitarget attacks at different locations, which brings more flexibility. We also propose to train a neural network as a detector to distinguish backdoor images and clean images for multitarget backdooring attacks. Experimental results show that the detection method can also successfully detect the backdoor image with a trigger at a random location of the image, and the detection success rate is as high as 86.02%.

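Original language: English
Pages (from-to): 2567-2583
Number of pages: 17
Journal: International Journal of Intelligent Systems
Volume: 37
Issue number: 3
DOI: https://doi.org/10.1002/int.22785
Publication status: Published - Mar 2022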

Cite this

Xiao, Y., Cong, L., Mingwen, Z., Yajie, W., Xinrui, L., Shuxiao, S., Yuexuan, M., & Jun, Z. (2022). A multitarget backdooring attack on deep neural networks with random location trigger. International Journal of Intelligent Systems, 37(3), 2567-2583. https://doi.org/10.1002/int.22785