DeBUGCN -- Detecting Backdoors in CNNs Using Graph Convolutional Networks
This work addresses a critical security issue for applications relying on DNNs, offering a novel detection approach with incremental improvements in speed and accuracy.
The paper tackles the problem of detecting backdoor attacks in deep neural networks by introducing DeBUGCN, a pipeline that uses graph convolutional networks to classify models as trojaned or clean, achieving faster and more accurate results compared to state-of-the-art methods on datasets like MNIST, CIFAR-10, and TrojAI.
Deep neural networks (DNNs) are becoming commonplace in critical applications, making their susceptibility to backdoor (trojan) attacks a significant problem. In this paper, we introduce a novel backdoor attack detection pipeline, detecting attacked models using graph convolutional networks (DeBUGCN). To the best of our knowledge, ours is the first use of GCNs for trojan detection. We use the static weights of a DNN to create a graph structure of its layers. A GCN is then used as a binary classifier on these graphs, yielding a trojan or clean determination for the DNN. To demonstrate the efficacy of our pipeline, we train hundreds of clean and trojaned CNN models on the MNIST handwritten digits and CIFAR-10 image datasets, and show the DNN classification results using DeBUGCN. For a true in-the-wild use case, our pipeline is evaluated on the TrojAI dataset, which consists of various CNN architectures, thus showing the robustness and model-agnostic behaviour of DeBUGCN. Furthermore, on comparing our results on several datasets with state-of-the-art trojan detection algorithms, DeBUGCN is faster and more accurate.
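The pipeline shape the abstract outlines (static weights, then a graph, then a GCN, then a binary score) can be sketched as follows; this is an added example, not the authors' code. The abstract does not say how the graph is built, so the node, edge and feature choices, the restriction to dense (out x in) weight matrices, and the untrained parameters `W1` and `W_OUT` are all assumptions made here for illustration.

```python
import math

# Constructed sample: a tiny 2-3-1 network given as (out x in) weight matrices.
SAMPLE_LAYERS = [[[0.5, -1.0], [0.0, 2.0], [1.5, 0.5]], [[1.0, -0.5, 0.25]]]
# Hypothetical, untrained GCN parameters; a real detector would learn these
# from a corpus of models labelled clean or trojaned.
W1 = [[0.4, -0.3], [0.2, 0.6]]
W_OUT = [1.0, -1.0]

def layers_to_graph(layers):
    """One node per unit, one undirected edge per weight (assumed encoding)."""
    sizes = [len(layers[0][0])] + [len(W) for W in layers]
    offsets = [sum(sizes[:k]) for k in range(len(sizes))]
    n = sum(sizes)
    A = [[0.0] * n for _ in range(n)]
    for k, W in enumerate(layers):
        for j, row in enumerate(W):
            for i, w in enumerate(row):
                u, v = offsets[k] + i, offsets[k + 1] + j
                A[u][v] = A[v][u] = abs(w)  # edge weight is |w|
    # Node features: weighted degree and largest incident |w|.
    X = [[sum(r), max(r)] for r in A]
    return A, X

def normalize_adj(A):
    """Standard GCN propagation matrix D^-1/2 (A + I) D^-1/2."""
    n = len(A)
    At = [[A[i][j] + (i == j) for j in range(n)] for i in range(n)]
    d = [1.0 / math.sqrt(sum(r)) for r in At]  # self-loop keeps degree > 0
    return [[d[i] * At[i][j] * d[j] for j in range(n)] for i in range(n)]

def matmul(P, Q):
    return [[sum(p * q for p, q in zip(r, c)) for c in zip(*Q)] for r in P]

def gcn_layer(A_hat, H, W):
    """One graph convolution: ReLU(A_hat @ H @ W)."""
    return [[max(0.0, v) for v in r] for r in matmul(matmul(A_hat, H), W)]

def trojan_score(layers, W1, w_out):
    """Graph-level probability; only meaningful once W1 and w_out are trained."""
    A, X = layers_to_graph(layers)
    H = gcn_layer(normalize_adj(A), X, W1)
    # Mean-pool readout: fixed-size vector regardless of architecture size.
    pooled = [sum(col) / len(H) for col in zip(*H)]
    logit = sum(p * w for p, w in zip(pooled, w_out))
    return 1.0 / (1.0 + math.exp(-logit))

if __name__ == "__main__":
    print(round(trojan_score(SAMPLE_LAYERS, W1, W_OUT), 4))
```

Because the readout pools over nodes, the score does not depend on the order in which hidden units are stored and accepts networks of any width or depth, which is the property a model-agnostic detector needs.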