SanitAIs: Unsupervised Data Augmentation to Sanitize Trojaned Neural Networks

TL;DR

This paper demonstrates that unsupervised data augmentation (UDA), a self-supervised learning technique, effectively mitigates backdoor and Trojan attacks in neural networks across various architectures and data scenarios.

Contribution

It introduces the use of UDA for backdoor removal, showing it outperforms existing methods in sanitizing Trojaned neural networks.

Findings

UDA more effective than state-of-the-art methods for Trojan removal

Works across multiple model architectures and Trojan types

Effective with varying amounts of data

Abstract

Self-supervised learning (SSL) methods have resulted in broad improvements to neural network performance by leveraging large, untapped collections of unlabeled data to learn generalized underlying structure. In this work, we harness unsupervised data augmentation (UDA), an SSL technique, to mitigate backdoor or Trojan attacks on deep neural networks. We show that UDA is more effective at removing trojans than current state-of-the-art methods for both feature space and point triggers, over a range of model architectures, trojans, and data quantities provided for trojan removal. These results demonstrate that UDA is both an effective and practical approach to mitigating the effects of backdoors on neural networks.