Go to DBLP homepageRGB Single-Channel Frequency Domain Backdoor Attack on Image Manipulation Localization
Abstract: In the contemporary digital era, the advancement and pervasive adoption of image manipulation technologies present unprecedented challenges to the authenticity of information. The extensive application of deep learning techniques in image processing has made detecting forged images a critical task for ensuring information security. Nonetheless, research in this field often neglects a potential risk: the security of training datasets. Previous backdoor attacks typically introduce triggers through semantic or noise manipulation, causing models to focus on these elements. Models designed to locate manipulated regions, however, often need to focus on high-frequency edges or artifacts, leading to suboptimal performance when distracted by these triggers. This paper introduces a novel Single-Channel RGB Frequency-Domain Backdoor Attack (SC-FDI), designed to manipulate the RGB channels by introducing triggers into the training data. This manipulation hinders the trained model from accurately identifying forged regions in images. Specifically, the original image is first separated into its RGB channels, then the Discrete Cosine Transform (DCT) is applied to one of the channels, the DCT coefficients in the high-frequency region are amplified, and the image is reassembled after inverse transformation. Experimental results on multiple datasets indicate that our method surpasses existing approaches in both stealthiness and attack efficacy.
Loading