Defense against neural trojan attacks: A survey

Sara Kaviani, Insoo Sohn

Research output: Contribution to journal › Article › peer-review

20 Scopus citations

Abstract

Deep learning techniques have become significantly prevalent in many real-world problems, including a variety of detection, recognition, and classification tasks. Obtaining high-performance neural networks requires enormous amounts of training data, memory, and time-consuming computation, which has increased users' demand for outsourced training. As a result, machine-learning-as-a-service (MLaaS) providers or other third parties gain an opportunity to put a model's security at risk by training it with malicious inputs. The malicious functionality inserted into the neural network by the adversary is activated only in the presence of specific inputs. These kinds of attacks on neural networks, called trojan or backdoor attacks, are very stealthy and hard to detect because they do not affect the network's performance on clean datasets. In this paper, we refer to two important threat models and focus on the detection and mitigation techniques against these types of attacks on neural networks that have been proposed recently. We summarize, discuss, and compare the defense methods and their corresponding results.
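
The abstract describes how an adversary can implant a trojan by training the model on poisoned inputs so that it misbehaves only when a specific trigger is present. Below is a minimal, hypothetical sketch of such trigger-based data poisoning (a BadNets-style attack); the function names, trigger shape, poison rate, and stand-in data are illustrative assumptions and are not taken from the surveyed paper.

import numpy as np

def stamp_trigger(image, size=3, value=1.0):
    # Place a small square trigger patch in the bottom-right corner (illustrative choice).
    poisoned = image.copy()
    poisoned[-size:, -size:] = value
    return poisoned

def poison_dataset(images, labels, target_label, poison_rate=0.05, seed=0):
    # Stamp the trigger on a small fraction of samples and relabel them
    # with the adversary's chosen target class.
    rng = np.random.default_rng(seed)
    n_poison = int(len(images) * poison_rate)
    idx = rng.choice(len(images), size=n_poison, replace=False)
    images, labels = images.copy(), labels.copy()
    for i in idx:
        images[i] = stamp_trigger(images[i])
        labels[i] = target_label
    return images, labels

# Stand-in data: 1000 random 28x28 "images" with 10 classes (hypothetical example only).
X = np.random.rand(1000, 28, 28).astype(np.float32)
y = np.random.randint(0, 10, size=1000)
X_poisoned, y_poisoned = poison_dataset(X, y, target_label=7)

A network trained on such a poisoned set would typically retain its accuracy on clean inputs while predicting the target class whenever the corner patch appears, which is why these backdoors are hard to detect from clean-data performance alone.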

Original language: English
Pages (from-to): 651-667
Number of pages: 17
Journal: Neurocomputing
Volume: 423
DOIs
State: Published - 29 Jan 2021

Keywords

  • Backdoor attacks
  • Deep learning
  • Defense
  • Trojan attacks
