Topological Detection of Trojaned Neural Networks

Songzhu Zheng; Yikai Zhang; Hubert Wagner; Mayank Goswami; Chao Chen

Topological Detection of Trojaned Neural Networks

Songzhu Zheng, Yikai Zhang, Hubert Wagner, Mayank Goswami, Chao Chen

Published: 09 Nov 2021, Last Modified: 14 Jul 2024NeurIPS 2021 PosterReaders: Everyone

Keywords: Topology, Persistence Homology, Trojan Attack

TL;DR: Analyze Trojaned Network from a topological perspective

Abstract: Deep neural networks are known to have security issues. One particular threat is the Trojan attack. It occurs when the attackers stealthily manipulate the model's behavior through Trojaned training samples, which can later be exploited. Guided by basic neuroscientific principles, we discover subtle -- yet critical -- structural deviation characterizing Trojaned models. In our analysis we use topological tools. They allow us to model high-order dependencies in the networks, robustly compare different networks, and localize structural abnormalities. One interesting observation is that Trojaned models develop short-cuts from shallow to deep layers. Inspired by these observations, we devise a strategy for robust detection of Trojaned models. Compared to standard baselines it displays better performance on multiple benchmarks.

Code Of Conduct: I certify that all co-authors of this work have read and commit to adhering to the NeurIPS Statement on Ethics, Fairness, Inclusivity, and Code of Conduct.

Supplementary Material: pdf

Code: https://github.com/TopoXLab/TopoTrojDetection

Community Implementations: [![CatalyzeX](/images/catalyzex_icon.svg) 1 code implementation](https://www.catalyzex.com/paper/topological-detection-of-trojaned-neural/code)

15 Replies

Loading