Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

A Survey of Trojan Attacks and Defenses to Deep Neural Networks

Lingxin Jin, Xianyu Wen, Wei Jiang, Jinyu Zhan

TL;DR

A comprehensive survey of Trojan attacks against DNNs and the countermeasure methods employed to mitigate them is presented, tracing the evolution of the concept from traditional Trojans to NN Trojans, highlighting the feasibility and practicality of generating NN Trojans.

Abstract

Deep Neural Networks (DNNs) have found extensive applications in safety-critical artificial intelligence systems, such as autonomous driving and facial recognition systems. However, recent research has revealed their susceptibility to Neural Network Trojans (NN Trojans) maliciously injected by adversaries. This vulnerability arises due to the intricate architecture and opacity of DNNs, resulting in numerous redundant neurons embedded within the models. Adversaries exploit these vulnerabilities to conceal malicious Trojans within DNNs, thereby causing erroneous outputs and posing substantial threats to the efficacy of DNN-based applications. This article presents a comprehensive survey of Trojan attacks against DNNs and the countermeasure methods employed to mitigate them. Initially, we trace the evolution of the concept from traditional Trojans to NN Trojans, highlighting the feasibility and practicality of generating NN Trojans. Subsequently, we provide an overview of notable works encompassing various attack and defense strategies, facilitating a comparative analysis of their approaches. Through these discussions, we offer constructive insights aimed at refining these techniques. In recognition of the gravity and immediacy of this subject matter, we also assess the feasibility of deploying such attacks in real-world scenarios as opposed to controlled ideal datasets. The potential real-world implications underscore the urgency of addressing this issue effectively.

A Survey of Trojan Attacks and Defenses to Deep Neural Networks

TL;DR

A comprehensive survey of Trojan attacks against DNNs and the countermeasure methods employed to mitigate them is presented, tracing the evolution of the concept from traditional Trojans to NN Trojans, highlighting the feasibility and practicality of generating NN Trojans.

Abstract

Deep Neural Networks (DNNs) have found extensive applications in safety-critical artificial intelligence systems, such as autonomous driving and facial recognition systems. However, recent research has revealed their susceptibility to Neural Network Trojans (NN Trojans) maliciously injected by adversaries. This vulnerability arises due to the intricate architecture and opacity of DNNs, resulting in numerous redundant neurons embedded within the models. Adversaries exploit these vulnerabilities to conceal malicious Trojans within DNNs, thereby causing erroneous outputs and posing substantial threats to the efficacy of DNN-based applications. This article presents a comprehensive survey of Trojan attacks against DNNs and the countermeasure methods employed to mitigate them. Initially, we trace the evolution of the concept from traditional Trojans to NN Trojans, highlighting the feasibility and practicality of generating NN Trojans. Subsequently, we provide an overview of notable works encompassing various attack and defense strategies, facilitating a comparative analysis of their approaches. Through these discussions, we offer constructive insights aimed at refining these techniques. In recognition of the gravity and immediacy of this subject matter, we also assess the feasibility of deploying such attacks in real-world scenarios as opposed to controlled ideal datasets. The potential real-world implications underscore the urgency of addressing this issue effectively.
Paper Structure (37 sections, 4 equations, 24 figures, 7 tables)

This paper contains 37 sections, 4 equations, 24 figures, 7 tables.

Table of Contents

  1. Introduction
  2. Evolutionary from Traditional Trojan to Neural Network Trojan
  3. The Traditional Trojan
  4. Attack Methods of Traditional Trojans
  5. Camouflage Strategies of Traditional Trojans
  6. The Emerging Neural Network Trojan Attacks
  7. Relations between Traditional Trojan and Neural Network Trojan
  8. Trojan Attacks to Deep Neural Networks
  9. Cause of Neural Network Trojans
  10. State-of-the-Arts Trojans on DNN
  11. Data-driven Trojans
  12. Model-based Trojans
  13. Lib-based Trojans
  14. Neuron Trojans
  15. Hardware-based Trojans
  16. ...and 22 more sections

Figures (24)

  • Figure 1: Chronological overview of the milestones of DNN Trojan attacks and countermeasures.
  • Figure 1: CVE problems in DL framework.
  • Figure 2: The working mode of Trojan attack on neural networks.
  • Figure 3: Migration from traditional Trojans to NN Trojans, where traditional Trojans can be used to guide and understand the generation of NN Trojans.
  • Figure 4: The relationship between NN Trojans and traditional Trojans in terms of attack methods and camouflage methods. (A$\to$B means the implementation method of A is similar to that of B).
  • ...and 19 more figures