Invisible and Multi-triggers Backdoor Attack Approach on Deep Neural Networks through Frequency Domain

In recent years, the security of deep neural networks (DNNs) has become a research hotspot with widespread deployments of machine learning models in our daily life. Backdoor attack is an emerging security threat to DNNs, where the infected model will output malicious targets for the images containing specific triggers. However, most existing backdoor attack approaches have only single trigger, and the triggers are often visible to human eyes. In order to overcome these limitations, in this paper, we propose an invisible and multi-triggers backdoor attack (IMT-BA) approach to simultaneously generate four invisible triggers. Firstly, in our IMT-BA approach, we divide the whole images into four blocks and apply Discrete Cosine Transform (DCT) algorithm to generate four invisible triggers aiming at four targets. Secondly, our IMT-BA approach can be easily deployed in real world without any knowledge of the hyperparameters and architectures of the DNNs models. Finally, we do the experiments with MNIST and CIFAR-10 datasets and the experiment results show our IMT-BA approach can fool both DNNs models and Human Visual System (HVS) with high success rate.