Odyssey: Creation, Analysis and Detection of Trojan Models

Edraki, Marzieh; Karim, Nazmul; Rahnavard, Nazanin; Mian, Ajmal; Shah, Mubarak

doi:10.48550/arxiv.2007.08142

Cited by 3 publications

(3 citation statements)

References 33 publications

(37 reference statements)


“…The top algorithms of it are: Random Forest, Decision Trees, Logistic Regression, Support Vector Machines. Convolutional Neural Networks (CNN) by Al-Saffar et al (2017); Edraki et al (2020), Recurrent Neural Network (RNN) by Sak et al (2014), Long Short-Term Memory (LSTM) by Sak et al (2014), Multilayer perceptron (MLP). These are the types of DL that are generally trained as supervised methods.…”

Section: Supervised Learning (mentioning)

confidence: 99%

The Prominence of Artificial Intelligence in COVID-19

Nasim, Dhali, Afrin et al. 2021

Preprint

Self Cite


Since December 2019, a novel virus called COVID-19 has caused an enormous number of casualties. The battle with the novel Coronavirus is baffling and horrifying after the Spanish Flu of 1918. While front-line doctors and medical researchers have made significant progress in controlling the spread of the highly contagious virus, technology has also proved its significance in the battle. Moreover, Artificial Intelligence has been adopted in many medical applications to diagnose many diseases, even those baffling experienced doctors. Therefore, this survey paper explores the proposed methodologies that can aid doctors and researchers in early and inexpensive diagnosis of the disease. Most developing countries have difficulties carrying out tests in the conventional manner, but Machine and Deep Learning offer a significant alternative. In addition, access to different types of medical images has motivated researchers. As a result, a mammoth number of techniques have been proposed. This paper first details the background knowledge of the conventional methods in the Artificial Intelligence domain. Following that, we gather the commonly used datasets and their use cases to date. In addition, we also show the percentage of researchers adopting Machine Learning over Deep Learning. Thus we provide a thorough analysis of this scenario. Lastly, in the research challenges, we elaborate on the problems faced in COVID-19 research, and we address the issues with our understanding to build a bright and healthy environment.


“…The attack is insidious since the Trojan trigger is only known to the attacker; the model outputs the correct label when the trigger is absent. Other state-of-the-art Trojan insertion methods are proposed in [9,22,34,51,4]. Inserting Trojans using transfer learning [46] or retraining [25] has been demonstrated.…”

Section: Related Work (mentioning)

confidence: 99%

MISA: Online Defense of Trojaned Models using Misattributions

Kiourti, Li, Roy et al. 2021

Preprint


This paper proposes a new approach to detecting neural Trojans in Deep Neural Networks during inference. This approach is based on monitoring the inference of a machine learning model, computing the attribution of the model's decision on different features of the input, and then statistically analyzing these attributions to detect whether an input sample contains the Trojan trigger. The anomalous attributions, aka misattributions, are then accompanied by reverse-engineering of the trigger to evaluate whether the input sample is truly poisoned with a Trojan trigger. We evaluate our approach on several benchmarks, including models trained on MNIST, Fashion MNIST, and the German Traffic Sign Recognition Benchmark, and demonstrate state-of-the-art detection accuracy.


“…The state-of-the-art Trojan insertion methods [12,32,44,63,17,8,17] use a minuscule amount of data poisoned with the Trojan trigger pattern (e.g., a local patch, a filter with specific settings). Alternative methods inject Trojans through transfer learning [58], retraining a DNN [35], direct manipulation of DNN weights [11,43], or addition of malicious modules [50].…”

Section: Adversarial Trojan Attacks and Defenses (mentioning)

confidence: 99%

Detecting Trojaned DNNs Using Counterfactual Attributions

Sikka, Sur, Jha et al. 2020

Preprint


We target the problem of detecting Trojans or backdoors in DNNs. Such models behave normally with typical inputs but produce specific incorrect predictions for inputs poisoned with a Trojan trigger. Our approach is based on a novel observation that the trigger behavior depends on a few ghost neurons that activate on the trigger pattern and exhibit abnormally high relative attribution for wrong decisions when activated. Further, these trigger neurons are also active on normal inputs of the target class. Thus, we use counterfactual attributions to localize these ghost neurons from clean inputs and then incrementally excite them to observe changes in the model's accuracy. We use this information for Trojan detection by using a deep set encoder that enables invariance to the number of model classes, architecture, etc. Our approach is implemented in the TrinityAI tool that exploits the synergies between trustworthiness, resilience, and interpretability challenges in deep learning. We evaluate our approach on benchmarks with high diversity in model architectures, triggers, etc. We show consistent gains (+10%) over state-of-the-art methods that rely on the susceptibility of the DNN to specific adversarial attacks, which in turn requires strong assumptions on the nature of the Trojan attack.
