Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Detecting and Eliminating Neural Network Backdoors Through Active Paths with Application to Intrusion Detection

Eirik Høyheim, Magnus Wiik Eckhoff, Gudmund Grov, Robert Flood, David Aspinall

TL;DR

This paper presents a novel and explainable approach to detect and eliminate backdoor triggers based on active paths found in neural networks, which involves injecting backdoors into a machine learning model used for intrusion detection.

Abstract

Machine learning backdoors have the property that the machine learning model should work as expected on normal inputs, but when the input contains a specific $\textit{trigger}$, it behaves as the attacker desires. Detecting such triggers has been proven to be extremely difficult. In this paper, we present a novel and explainable approach to detect and eliminate such backdoor triggers based on active paths found in neural networks. We present promising experimental evidence of our approach, which involves injecting backdoors into a machine learning model used for intrusion detection.

Detecting and Eliminating Neural Network Backdoors Through Active Paths with Application to Intrusion Detection

TL;DR

This paper presents a novel and explainable approach to detect and eliminate backdoor triggers based on active paths found in neural networks, which involves injecting backdoors into a machine learning model used for intrusion detection.

Abstract

Machine learning backdoors have the property that the machine learning model should work as expected on normal inputs, but when the input contains a specific , it behaves as the attacker desires. Detecting such triggers has been proven to be extremely difficult. In this paper, we present a novel and explainable approach to detect and eliminate such backdoor triggers based on active paths found in neural networks. We present promising experimental evidence of our approach, which involves injecting backdoors into a machine learning model used for intrusion detection.
Paper Structure (19 sections, 3 equations, 9 figures, 3 tables, 3 algorithms)

This paper contains 19 sections, 3 equations, 9 figures, 3 tables, 3 algorithms.

Table of Contents

  1. Introduction
  2. Background
  3. Backdoors in Machine Learning Models
  4. Threat Model and Model Assumptions
  5. Local Feature Contributions and Active Paths
  6. Backdoor Detection by Clustering Local Contributions
  7. Clustering (step (ii))
  8. Cluster Comparison (step (iii))
  9. Eliminating Backdoors by Eliminating Active Paths
  10. Experiments: Backdoors in Intrusion Detection Systems
  11. Dataset, Backdoor Injection and ML Model
  12. Experiment 1: One Backdoored Feature
  13. Detecting the backdoor
  14. Eliminating the backdoor
  15. Experiment 2: Backdoor Using Two Features
  16. ...and 4 more sections

Figures (9)

  • Figure 1: Active paths after node elimination when using ReLU.
  • Figure 2: Overall approach for detecting backdoors.
  • Figure 3: Overall approach for eliminating backdoors.
  • Figure 4: Remove backdoor (BD) paths from the first hidden layer. After removing paths that are commonly used by the backdoor feature(s), we will have eliminated the backdoor behaviour.
  • Figure 5: Clustering of feature contributions for all benign predictions having one backdoor feature.
  • ...and 4 more figures