Universal Litmus Patterns: Revealing Backdoor Attacks in CNNs
About
The unprecedented success of deep neural networks in many applications has made these networks a prime target for adversarial exploitation. In this paper, we introduce a benchmark technique for detecting backdoor attacks (aka Trojan attacks) on deep convolutional neural networks (CNNs). We introduce the concept of Universal Litmus Patterns (ULPs), which enable one to reveal backdoor attacks by feeding these universal patterns to the network and analyzing the output (i.e., classifying the network as 'clean' or 'corrupted'). This detection is fast because it requires only a few forward passes through a CNN. We demonstrate the effectiveness of ULPs for detecting backdoor attacks on thousands of networks with different architectures trained on four benchmark datasets, namely the German Traffic Sign Recognition Benchmark (GTSRB), MNIST, CIFAR10, and Tiny-ImageNet. The code and train/test models for this paper can be found here: https://umbcvision.github.io/Universal-Litmus-Patterns/.
Related benchmarks
| Task | Dataset | Metric | Value | Rank |
|---|---|---|---|---|
| Trojan Detection | CIFAR-10 | True Positives (TP) | 1 | 22 |
| Backdoor Detection | GTSRB WaNet Attack (test) | AUC | 0.9265 | 15 |
| Backdoor Detection | GTSRB BppAttack (test) | AUC | 0.9232 | 15 |
| Backdoor Detection | GTSRB SIG attack (test) | AUC | 83.07 | 15 |
| Trojaned Model Detection | MNIST Resnet18 (test) | Accuracy | 71 | 5 |
| Trojaned Model Detection | MNIST LeNet5 (test) | Accuracy | 58 | 5 |
| Trojaned Model Detection | CIFAR10 Resnet18 (test) | Accuracy | 56 | 5 |
| Trojaned Model Detection | CIFAR10 Densenet121 (test) | Accuracy | 55 | 5 |
| Trojan Detection | IARPA/NIST TrojAI DenseNet Round 1 | ACC | 63 | 4 |
| Trojan Detection | IARPA/NIST TrojAI ResNet Round 1 | Accuracy | 63 | 4 |