Dormant Neural Trojans
Feisi Fu, Panagiota Kiourti, Wenchao Li
TL;DR
This paper introduces a new type of neural network backdoor, called dormant Trojans, which remain inactive until triggered by a specific weight perturbation, making them harder to detect.
Contribution
The paper proposes a novel dormant Trojan methodology that activates via weight perturbation, evading current detection techniques.
Findings
Dormant Trojans can be effectively activated with specific weight perturbations.
Dormant Trojans evade detection by state-of-the-art methods.
The approach demonstrates high attack success rates in experiments.
Abstract
We present a novel methodology for neural network backdoor attacks. Unlike existing training-time attacks where the Trojaned network would respond to the Trojan trigger after training, our approach inserts a Trojan that will remain dormant until it is activated. The activation is realized through a specific perturbation to the network's weight parameters only known to the attacker. Our analysis and the experimental results demonstrate that dormant Trojaned networks can effectively evade detection by state-of-the-art backdoor detection methods.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsAdversarial Robustness in Machine Learning · Physical Unclonable Functions (PUFs) and Hardware Security · Advanced Neural Network Applications