Baseline Pruning-Based Approach to Trojan Detection in Neural Networks
The paper addresses a security concern for users of neural networks by providing a trojan detection method; the contribution is incremental, since it builds on existing pruning techniques.
The paper tackles the problem of detecting trojans in neural networks by analyzing systematically pruned models, achieving average classification accuracies of 69.73% and 82.41% on two datasets (where random guessing gives 50%), with a processing time under 60 seconds per model.
This paper addresses the problem of detecting trojans in neural networks (NNs) by analyzing systematically pruned NN models. Our pruning-based approach consists of three main steps. First, detect any deviations from reference look-up tables of model file sizes and model graphs. Next, measure the accuracy of a set of systematically pruned NN models produced under multiple pruning schemas. Finally, classify an NN model as clean or poisoned by applying a mapping from the accuracy measurements to NN model labels. This work outlines a theoretical and experimental framework for finding the optimal mapping over a large search space of pruning parameters. In our experiments on the Round 1 and Round 2 TrojAI Challenge datasets, the approach achieves average classification accuracies of 69.73% and 82.41% respectively, with an average processing time of less than 60 s per model; for both datasets, random guessing would yield 50% classification accuracy. Reference model graphs and source code are available from GitHub.
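The three-step pipeline described in the abstract, as an added toy example in Python. This is not the paper's code, nor the TrojAI tooling: the two-layer models, the constructed evaluation data, the two pruning criteria ("small" and "large" magnitude), the per-layer pruning fraction, the 20% file-size tolerance and the decision-stump mapping are all assumptions made here. The toy is built so that the poisoned models hide their trigger in a large, dormant hidden neuron; under that assumption pruning the largest-magnitude weights leaves a poisoned model's clean accuracy intact while it wrecks a clean model, and the mapping search picks that schema out of the ones that do not separate the labels. Whether any particular schema separates real TrojAI models is exactly what the paper's search over pruning parameters has to establish empirically; the example only shows the mechanics.

```python
"""Toy pruning-based trojan detector (illustrative, not the paper's code).
A model is a dict {"W1", "b1", "W2", "b2"}: a 2-layer ReLU MLP, 4 inputs,
2 classes. Inputs 2 and 3 are a constructed 'trigger channel', always 0 in
clean data; the poisoned models react to it with an otherwise dormant neuron."""
import json

def relu(v):
    return [max(0.0, x) for x in v]

def matvec(W, x):
    return [sum(w * xi for w, xi in zip(row, x)) for row in W]

def predict(m, x):
    h = relu([a + b for a, b in zip(matvec(m["W1"], x), m["b1"])])
    logits = [a + b for a, b in zip(matvec(m["W2"], h), m["b2"])]
    return max(range(len(logits)), key=logits.__getitem__)  # ties -> class 0

def accuracy(m, data):
    return sum(predict(m, x) == y for x, y in data) / len(data)

# Constructed clean evaluation set: class 0 if x0 > x1 else 1, trigger off.
DATA = [([0.9, 0.1, 0, 0], 0), ([0.7, 0.3, 0, 0], 0), ([0.6, 0.2, 0, 0], 0),
        ([0.8, 0.5, 0, 0], 0), ([0.1, 0.9, 0, 0], 1), ([0.3, 0.7, 0, 0], 1),
        ([0.2, 0.6, 0, 0], 1), ([0.4, 0.8, 0, 0], 1)]

# Two clean models (constructed): both hidden neurons do useful work.
CLEAN_A = {"W1": [[0.5, -0.5, 0, 0], [-2, 2, 0, 0]], "b1": [0, 0],
           "W2": [[1, -1], [-1, 1]], "b2": [0, 0]}
CLEAN_B = {"W1": [[1, -1, 0, 0], [-1.5, 1.5, 0, 0]], "b1": [0, 0],
           "W2": [[1, 0], [0, 1]], "b2": [0, 0]}
# Two poisoned models (constructed): neuron 1 fires only on the trigger and
# forces class 1; a small class-1 bias handles clean class-1 inputs.
TROJAN_A = {"W1": [[1, -1, 0, 0], [0, 0, 5, 5]], "b1": [0, 0],
            "W2": [[1, 0], [0, 8]], "b2": [0, 0.05]}
TROJAN_B = {"W1": [[1.2, -1.2, 0, 0], [0, 0, 4, 4]], "b1": [0, 0],
            "W2": [[1, 0], [0, 6]], "b2": [0, 0.02]}
# A model whose graph deviates from the reference (an extra hidden neuron).
WIDE = {"W1": [[1, -1, 0, 0], [-1, 1, 0, 0], [0, 0, 0, 0]], "b1": [0, 0, 0],
        "W2": [[1, 0, 0], [0, 1, 0]], "b2": [0, 0]}

# Step 1: deviations from reference look-up tables of model graph and size.
def graph_signature(m):
    return tuple((n, len(m[n]), len(m[n][0])) for n in ("W1", "W2"))

def serialized_size(m):  # stand-in for the on-disk model file size
    return len(json.dumps(m, separators=(",", ":")).encode())

def reference_deviations(m, ref, size_tolerance=0.20):  # tolerance assumed
    dev = []
    if graph_signature(m) != ref["graph"]:
        dev.append("graph")
    if abs(serialized_size(m) - ref["size"]) > size_tolerance * ref["size"]:
        dev.append("size")
    return dev

REFERENCE = {"graph": graph_signature(CLEAN_A), "size": serialized_size(CLEAN_A)}

# Step 2: systematic pruning under several schemas, measuring clean accuracy.
def prune(m, layer, fraction, criterion):
    """Zero a fraction of `layer`'s weights: the smallest-magnitude ones
    (criterion "small", classic pruning) or the largest ("large")."""
    sign = -1 if criterion == "large" else 1
    flat = [(abs(w), i, j) for i, row in enumerate(m[layer]) for j, w in enumerate(row)]
    flat.sort(key=lambda t: (sign * t[0], t[1], t[2]))  # deterministic tie-break
    pruned = [row[:] for row in m[layer]]
    for _, i, j in flat[: int(fraction * len(flat))]:
        pruned[i][j] = 0.0
    return {**m, layer: pruned}

SCHEMAS = [(c, l, 0.25) for c in ("small", "large") for l in ("W1", "W2")]

def accuracy_vector(m, schemas, data):
    return {s: accuracy(prune(m, s[1], s[2], s[0]), data) for s in schemas}

# Step 3: search the schema/threshold space for a mapping from accuracy
# measurements to labels (a decision stump here; the paper's search is larger).
def fit_mapping(train, schemas, data):
    vectors = [(accuracy_vector(m, schemas, data), label) for m, label in train]
    best = (-1.0, None)
    for s in schemas:
        values = sorted({v[s] for v, _ in vectors})
        for thr in [(a + b) / 2 for a, b in zip(values, values[1:])]:
            for above_is_poisoned in (True, False):
                hits = sum(((v[s] >= thr) == above_is_poisoned) == (label == "poisoned")
                           for v, label in vectors)
                if hits / len(vectors) > best[0]:
                    best = (hits / len(vectors), (s, thr, above_is_poisoned))
    return best  # (training accuracy, (schema, threshold, direction))

def classify(m, rule, data):
    (crit, layer, frac), thr, above_is_poisoned = rule
    acc = accuracy(prune(m, layer, frac, crit), data)
    return "poisoned" if (acc >= thr) == above_is_poisoned else "clean"

TRAIN = [(CLEAN_A, "clean"), (TROJAN_A, "poisoned")]

if __name__ == "__main__":
    score, rule = fit_mapping(TRAIN, SCHEMAS, DATA)
    print("step 1, WIDE:", reference_deviations(WIDE, REFERENCE), "| rule:", rule)
    print({n: classify(m, rule, DATA) for n, m in [("CLEAN_B", CLEAN_B), ("TROJAN_B", TROJAN_B)]})
```

Two practical points the toy makes visible. Step 1 only catches a trojan that changes the model's architecture or file size (the WIDE model); TROJAN_A has the reference graph and a similar size, so it passes and the pruning stage has to carry the detection. And the mapping is fitted on labelled models and then applied to held-out ones (CLEAN_B, TROJAN_B); the abstract's 69.73% and 82.41% are held-out figures on real TrojAI models, where the separation is far less clean than in this constructed case.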