Ditto: An Adaptable and Highly Robust Invisible Backdoor Attack Towards Deep Neural Networks

With the widespread application of deep neural networks across various fields, issues related to model security have become increasingly prevalent. Backdoor attacks, as a covert method of attack, can implant malicious behavior during the model training process, causing the model to perform predetermined tasks under specific trigger conditions. However, current backdoor attacks struggle to achieve a good balance between stealthiness and attack success rate, and there is an issue in which certain data transformation operations can negatively impact attack performance. To address these issues, this paper proposes a specialized backdoor attack method called Ditto. It first uses a boundary detection algorithm and a padding algorithm to determine the trigger’s insertion position. The trigger is then dynamically generated using a generative adversarial network, taking into account the texture features of the images. Subsequently, the trigger is applied to the images, and its level of stealthiness is adjusted. Compared to existing popular backdoor attack methods, the experimental results ensure a high level of stealthiness while also maintaining a high attack success rate and a high accuracy for clean data. Furthermore, our attack method exhibits considerable robustness and adaptability, demonstrating effective resistance against baseline backdoor defense techniques.