Trigger Hunting with a Topological Prior for Trojan Detection
This addresses security vulnerabilities in DNNs for mission-critical applications, representing an incremental improvement in reverse engineering methods for Trojan detection.
The paper tackles the problem of Trojan detection in deep neural networks by proposing innovative priors like diversity and topological simplicity to improve trigger recovery, resulting in substantially improved detection accuracy on synthetic and TrojAI benchmarks.
Despite their success and popularity, deep neural networks (DNNs) are vulnerable when facing backdoor attacks. This impedes their wider adoption, especially in mission critical applications. This paper tackles the problem of Trojan detection, namely, identifying Trojaned models -- models trained with poisoned data. One popular approach is reverse engineering, i.e., recovering the triggers on a clean image by manipulating the model's prediction. One major challenge of reverse engineering approach is the enormous search space of triggers. To this end, we propose innovative priors such as diversity and topological simplicity to not only increase the chances of finding the appropriate triggers but also improve the quality of the found triggers. Moreover, by encouraging a diverse set of trigger candidates, our method can perform effectively in cases with unknown target labels. We demonstrate that these priors can significantly improve the quality of the recovered triggers, resulting in substantially improved Trojan detection accuracy as validated on both synthetic and publicly available TrojAI benchmarks.