Topological Detection of Trojaned Neural Networks
About
Deep neural networks are known to have security issues. One particular threat is the Trojan attack. It occurs when the attackers stealthily manipulate the model's behavior through Trojaned training samples, which can later be exploited. Guided by basic neuroscientific principles we discover subtle -- yet critical -- structural deviation characterizing Trojaned models. In our analysis we use topological tools. They allow us to model high-order dependencies in the networks, robustly compare different networks, and localize structural abnormalities. One interesting observation is that Trojaned models develop short-cuts from input to output layers. Inspired by these observations, we devise a strategy for robust detection of Trojaned models. Compared to standard baselines it displays better performance on multiple benchmarks.
Related benchmarks
| Task | Dataset | Result | Rank | |
|---|---|---|---|---|
| Trojaned Model Detection | MNIST LeNet5 (test) | Accuracy85 | 5 | |
| Trojaned Model Detection | MNIST Resnet18 (test) | Accuracy87 | 5 | |
| Trojaned Model Detection | CIFAR10 Resnet18 (test) | Accuracy93 | 5 | |
| Trojaned Model Detection | CIFAR10 Densenet121 (test) | Accuracy84 | 5 | |
| Trojan Detection | IARPA/NIST TrojAI ResNet Round 1 | Accuracy77 | 4 | |
| Trojan Detection | IARPA/NIST TrojAI DenseNet Round 1 | ACC62 | 4 |