Detecting Backdoors in Neural Networks Using Novel Feature-Based Anomaly Detection

Add code
Nov 04, 2020
Hao Fu, Akshaj Kumar Veldanda, Prashanth Krishnamurthy, Siddharth Garg, Farshad Khorrami
Figure 1 for Detecting Backdoors in Neural Networks Using Novel Feature-Based Anomaly Detection
Figure 2 for Detecting Backdoors in Neural Networks Using Novel Feature-Based Anomaly Detection
Figure 3 for Detecting Backdoors in Neural Networks Using Novel Feature-Based Anomaly Detection
Figure 4 for Detecting Backdoors in Neural Networks Using Novel Feature-Based Anomaly Detection

Share this with someone who'll enjoy it:

Twitter IconFacebook IconLinkedin IconWhatsapp IconMessenger Icon

This paper proposes a new defense against neural network backdooring attacks that are maliciously trained to mispredict in the presence of attacker-chosen triggers. Our defense is based on the intuition that the feature extraction layers of a backdoored network embed new features to detect the presence of a trigger and the subsequent classification layers learn to mispredict when triggers are detected. Therefore, to detect backdoors, the proposed defense uses two synergistic anomaly detectors trained on clean validation data: the first is a novelty detector that checks for anomalous features, while the second detects anomalous mappings from features to outputs by comparing with a separate classifier trained on validation data. The approach is evaluated on a wide range of backdoored networks (with multiple variations of triggers) that successfully evade state-of-the-art defenses. Additionally, we evaluate the robustness of our approach on imperceptible perturbations, scalability on large-scale datasets, and effectiveness under domain shift. This paper also shows that the defense can be further improved using data augmentation.

View paper onarxiv icon

Share this with someone who'll enjoy it:

Twitter IconFacebook IconLinkedin IconWhatsapp IconMessenger Icon