The TrojAI Software Framework: An OpenSource tool for Embedding Trojans into Deep Learning Models
Kiran Karra, Chace Ashcraft, Neil Fendley

TL;DR
The paper presents TrojAI, an open-source Python framework for generating trojaned datasets and models, enabling large-scale testing and analysis of trojan embedding and detection in deep learning systems.
Contribution
Introduces TrojAI, a versatile framework for creating trojaned deep learning models and datasets, facilitating research on trojan embedding and detection methods.
Findings
Trigger type, batch size, and poisoning percentage influence trojan embedding success.
Neural Cleanse detects anomalies in about 18% of trojaned MNIST models.
Framework enables systematic testing of trojan effects and detection techniques.
Abstract
In this paper, we introduce the TrojAI software framework, an open source set of Python tools capable of generating triggered (poisoned) datasets and associated deep learning (DL) models with trojans at scale. We utilize the developed framework to generate a large set of trojaned MNIST classifiers, as well as demonstrate the capability to produce a trojaned reinforcement-learning model using vector observations. Results on MNIST show that the nature of the trigger, training batch size, and dataset poisoning percentage all affect successful embedding of trojans. We test Neural Cleanse against the trojaned MNIST models and successfully detect anomalies in the trained models approximately 18% of the time. Our experiments and workflow indicate that the TrojAI software framework will enable researchers to easily understand the effects of various configurations of the dataset and training…
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Advanced Malware Detection Techniques · Physical Unclonable Functions (PUFs) and Hardware Security
