CLEANN: Accelerated Trojan Shield for Embedded Neural Networks
- URL: http://arxiv.org/abs/2009.02326v1
- Date: Fri, 4 Sep 2020 05:29:38 GMT
- Title: CLEANN: Accelerated Trojan Shield for Embedded Neural Networks
- Authors: Mojan Javaheripi, Mohammad Samragh, Gregory Fields, Tara Javidi,
Farinaz Koushanfar
- Abstract summary: We propose CLEANN, the first end-to-end framework that enables online mitigation of Trojans for embedded Deep Neural Network (DNN) applications.
A Trojan attack works by injecting a backdoor in the DNN while training; during inference, the Trojan can be activated by the specific backdoor trigger.
We leverage dictionary learning and sparse approximation to characterize the statistical behavior of benign data and identify Trojan triggers.
- Score: 32.99727805086791
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: We propose CLEANN, the first end-to-end framework that enables online
mitigation of Trojans for embedded Deep Neural Network (DNN) applications. A
Trojan attack works by injecting a backdoor in the DNN while training; during
inference, the Trojan can be activated by the specific backdoor trigger. What
differentiates CLEANN from the prior work is its lightweight methodology which
recovers the ground-truth class of Trojan samples without the need for labeled
data, model retraining, or prior assumptions on the trigger or the attack. We
leverage dictionary learning and sparse approximation to characterize the
statistical behavior of benign data and identify Trojan triggers. CLEANN is
devised based on algorithm/hardware co-design and is equipped with specialized
hardware to enable efficient real-time execution on resource-constrained
embedded platforms. Proof of concept evaluations on CLEANN for the
state-of-the-art Neural Trojan attacks on visual benchmarks demonstrate its
competitive advantage in terms of attack resiliency and execution overhead.
Related papers
- Attention-Enhancing Backdoor Attacks Against BERT-based Models [54.070555070629105]
Investigating the strategies of backdoor attacks will help to understand the model's vulnerability.
We propose a novel Trojan Attention Loss (TAL) which enhances the Trojan behavior by directly manipulating the attention patterns.
arXiv Detail & Related papers (2023-10-23T01:24:56Z) - An Adaptive Black-box Defense against Trojan Attacks (TrojDef) [5.880596125802611]
Trojan backdoor is a poisoning attack against Neural Network (NN) classifiers.
We propose a more practical black-box defense, dubbed TrojDef, which can only run forward-pass of the NN.
TrojDef significantly outperforms the-state-of-the-art defenses and is highly stable under different settings.
arXiv Detail & Related papers (2022-09-05T01:54:44Z) - Hardly Perceptible Trojan Attack against Neural Networks with Bit Flips [51.17948837118876]
We present hardly perceptible Trojan attack (HPT)
HPT crafts hardly perceptible Trojan images by utilizing the additive noise and per pixel flow field.
To achieve superior attack performance, we propose to jointly optimize bit flips, additive noise, and flow field.
arXiv Detail & Related papers (2022-07-27T09:56:17Z) - Quarantine: Sparsity Can Uncover the Trojan Attack Trigger for Free [126.15842954405929]
Trojan attacks threaten deep neural networks (DNNs) by poisoning them to behave normally on most samples, yet to produce manipulated results for inputs attached with a trigger.
We propose a novel Trojan network detection regime: first locating a "winning Trojan lottery ticket" which preserves nearly full Trojan information yet only chance-level performance on clean inputs; then recovering the trigger embedded in this already isolated subnetwork.
arXiv Detail & Related papers (2022-05-24T06:33:31Z) - CatchBackdoor: Backdoor Detection via Critical Trojan Neural Path Fuzzing [16.44147178061005]
trojaned behaviors triggered by various trojan attacks can be attributed to the trojan path.
We propose CatchBackdoor, a detection method against trojan attacks.
arXiv Detail & Related papers (2021-12-24T13:57:03Z) - Practical Detection of Trojan Neural Networks: Data-Limited and
Data-Free Cases [87.69818690239627]
We study the problem of the Trojan network (TrojanNet) detection in the data-scarce regime.
We propose a data-limited TrojanNet detector (TND), when only a few data samples are available for TrojanNet detection.
In addition, we propose a data-free TND, which can detect a TrojanNet without accessing any data samples.
arXiv Detail & Related papers (2020-07-31T02:00:38Z) - Odyssey: Creation, Analysis and Detection of Trojan Models [91.13959405645959]
Trojan attacks interfere with the training pipeline by inserting triggers into some of the training samples and trains the model to act maliciously only for samples that contain the trigger.
Existing Trojan detectors make strong assumptions about the types of triggers and attacks.
We propose a detector that is based on the analysis of the intrinsic properties; that are affected due to the Trojaning process.
arXiv Detail & Related papers (2020-07-16T06:55:00Z) - An Embarrassingly Simple Approach for Trojan Attack in Deep Neural
Networks [59.42357806777537]
trojan attack aims to attack deployed deep neural networks (DNNs) relying on hidden trigger patterns inserted by hackers.
We propose a training-free attack approach which is different from previous work, in which trojaned behaviors are injected by retraining model on a poisoned dataset.
The proposed TrojanNet has several nice properties including (1) it activates by tiny trigger patterns and keeps silent for other signals, (2) it is model-agnostic and could be injected into most DNNs, dramatically expanding its attack scenarios, and (3) the training-free mechanism saves massive training efforts compared to conventional trojan attack methods.
arXiv Detail & Related papers (2020-06-15T04:58:28Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.