CLEANN: Accelerated Trojan Shield for Embedded Neural Networks
This addresses security vulnerabilities in embedded AI systems, offering a lightweight solution for real-time mitigation, though it appears incremental as it builds on prior work with a novel methodology.
The authors tackled the problem of Trojan attacks in embedded deep neural networks by proposing CLEANN, an end-to-end framework that recovers ground-truth classes for Trojan samples without labeled data or model retraining, achieving competitive attack resiliency and execution overhead in evaluations.
We propose CLEANN, the first end-to-end framework that enables online mitigation of Trojans for embedded Deep Neural Network (DNN) applications. A Trojan attack works by injecting a backdoor in the DNN while training; during inference, the Trojan can be activated by the specific backdoor trigger. What differentiates CLEANN from the prior work is its lightweight methodology which recovers the ground-truth class of Trojan samples without the need for labeled data, model retraining, or prior assumptions on the trigger or the attack. We leverage dictionary learning and sparse approximation to characterize the statistical behavior of benign data and identify Trojan triggers. CLEANN is devised based on algorithm/hardware co-design and is equipped with specialized hardware to enable efficient real-time execution on resource-constrained embedded platforms. Proof of concept evaluations on CLEANN for the state-of-the-art Neural Trojan attacks on visual benchmarks demonstrate its competitive advantage in terms of attack resiliency and execution overhead.