Advancing Security in AI Systems: A Novel Approach to Detecting Backdoors in Deep Neural Networks

Khondoker Murad Hossain, Tim Oates

TL;DR

This approach leverages advanced tensor decomposition algorithms (Independent Vector Analysis, Multiset Canonical Correlation Analysis, and Parallel Factor Analysis) to meticulously analyze the weights of pre-trained DNNs and distinguish between backdoored and clean models effectively, improving both accuracy and efficiency over existing backdoor detection methods.

Abstract

In the rapidly evolving landscape of communication and network security, the increasing reliance on deep neural networks (DNNs) and cloud services for data processing presents a significant vulnerability: the potential for backdoors that can be exploited by malicious actors. Our approach leverages advanced tensor decomposition algorithms, Independent Vector Analysis (IVA), Multiset Canonical Correlation Analysis (MCCA), and Parallel Factor Analysis (PARAFAC2), to meticulously analyze the weights of pre-trained DNNs and distinguish between backdoored and clean models effectively. The key strengths of our method lie in its domain independence, adaptability to various network architectures, and ability to operate without access to the training data of the scrutinized models. This not only ensures versatility across different application scenarios but also addresses the challenge of identifying backdoors without prior knowledge of the specific triggers employed to alter network behavior. We have applied our detection pipeline to three distinct computer vision datasets, encompassing both image classification and object detection tasks. The results demonstrate a marked improvement in both accuracy and efficiency over existing backdoor detection methods. This advancement enhances the security of deep learning and AI in networked systems, providing essential cybersecurity against evolving threats in emerging technologies.

Paper Structure

This paper contains 20 sections, 4 equations, 4 figures, 3 tables, 1 algorithm.

Figures (4)

  • Figure 1: Motivation behind our study. Real-life stop sign captured by us with probable triggers that might cause an accident involving an autonomous vehicle.
  • Figure 2: Backdoor detection pipeline where we extract features using IVA, MCCA, and PARAFAC2 and then detect backdoors using an ML classifier.
  • Figure 3: (a) Single-class poisoning on the MNIST CNN dataset, (b) multi-class poisoning on TrojAI image classification models with synthetic traffic data, and (c) evasion and misclassification attacks on TrojAI object detection using green and black triangular triggers on zebras and fire hydrants, respectively.
  • Figure 4: Accuracy of the RF classifier for IVA, MCCA, and PARAFAC2 independently and jointly for all three datasets.