A Random Multi-target Backdooring Attack on Deep Neural Networks

Abstract

Deep learning has made tremendous progress in the past ten years and has been applied in various critical practical applications. However, recent studies have shown that deep learning models are vulnerable to backdoor attacks in which the target labels chosen by the attacker can be one or multiple. Conventional multi-target backdoor attack focus on applying multiple triggers to implement multi-target attack. In this paper, we propose a novel method that utilizes one trigger to correspond to multiple target labels, and the location of the trigger is not limited, which brings more flexibility. After proposing the backdoor attack, we also considered defending against this kind of attack. Therefore, to distinguish backdoor images and clean images, we propose a method to train a neural network as a detector to detect if the image has an abnormal part. Our experimental results show that our attack success rate is higher than 90% on MNIST, Cifar-10, and GTSRB. Our detection method can also successfully detect the backdoor image with a trigger at a random location of the image, and the detection success rate is 86.02%.