Trojan Cleansing with Neural Collapse

Add code
Nov 19, 2024
Xihe Gu, Greg Fields, Yaman Jandali, Tara Javidi, Farinaz Koushanfar
Figure 1 for Trojan Cleansing with Neural Collapse
Figure 2 for Trojan Cleansing with Neural Collapse
Figure 3 for Trojan Cleansing with Neural Collapse
Figure 4 for Trojan Cleansing with Neural Collapse

Share this with someone who'll enjoy it:

Twitter IconFacebook IconLinkedin IconWhatsapp IconMessenger Icon

Trojan attacks are sophisticated training-time attacks on neural networks that embed backdoor triggers which force the network to produce a specific output on any input which includes the trigger. With the increasing relevance of deep networks which are too large to train with personal resources and which are trained on data too large to thoroughly audit, these training-time attacks pose a significant risk. In this work, we connect trojan attacks to Neural Collapse, a phenomenon wherein the final feature representations of over-parameterized neural networks converge to a simple geometric structure. We provide experimental evidence that trojan attacks disrupt this convergence for a variety of datasets and architectures. We then use this disruption to design a lightweight, broadly generalizable mechanism for cleansing trojan attacks from a wide variety of different network architectures and experimentally demonstrate its efficacy.

View paper onarxiv icon

Share this with someone who'll enjoy it:

Twitter IconFacebook IconLinkedin IconWhatsapp IconMessenger Icon