CLEANN: Accelerated Trojan Shield for Embedded Neural Networks

TL;DR

CLEANN is a lightweight, real-time framework that detects and mitigates neural network Trojans on embedded devices without needing labeled data or retraining, enhancing security for DNN applications.

Contribution

It introduces CLEANN, the first end-to-end, hardware-accelerated method for online Trojan mitigation in embedded neural networks without prior attack assumptions.

Findings

Effective detection of Trojans on visual benchmarks.

Low overhead and real-time performance on embedded platforms.

No need for labeled data or model retraining.

Abstract

We propose CLEANN, the first end-to-end framework that enables online mitigation of Trojans for embedded Deep Neural Network (DNN) applications. A Trojan attack works by injecting a backdoor in the DNN while training; during inference, the Trojan can be activated by the specific backdoor trigger. What differentiates CLEANN from the prior work is its lightweight methodology which recovers the ground-truth class of Trojan samples without the need for labeled data, model retraining, or prior assumptions on the trigger or the attack. We leverage dictionary learning and sparse approximation to characterize the statistical behavior of benign data and identify Trojan triggers. CLEANN is devised based on algorithm/hardware co-design and is equipped with specialized hardware to enable efficient real-time execution on resource-constrained embedded platforms. Proof of concept evaluations on CLEANN for the state-of-the-art Neural Trojan attacks on visual benchmarks demonstrate its competitive advantage in terms of attack resiliency and execution overhead.