Stealthy dynamic backdoor attack against neural networks for image classification

Deep Neural Networks (DNNs) are vulnerable to backdoor attacks, which are external entity model providers that can inject backdoors into the network for illegal purposes. Current attack methods rely on manipulated images with embedded triggers to infiltrate carrier networks, but they suffer from detectable distortions and limited integration into neural networks. To delve further into the potential vulnerabilities of these models, this study introduces an innovative backdoor attack strategy, leveraging deep learning steganography through a Generative Adversarial Network (GAN). Our approach utilizes steganography to create manipulated images, capitalizing on the unique sensitivity of neural networks to minute perturbations. The network is then trained de novo with these manipulated images, creating a backdoor-infused model. Fundamentally, our method harnesses the pronounced sensitivity of DNNs to nuanced alterations. Experimental outcomes substantiate that our backdoor can be effectively integrated into the models, yielding high attack success rates. Notably, it also adeptly circumvents both contemporary state-of-the-art defense mechanisms and human inspection. Our source code is publicly accessible at https://github.com/DLAIResearch/NNSDB.