Backdoor Attack Detection in Computer Vision by Applying Matrix Factorization on the Weights of Deep Networks

TL;DR

This paper presents a novel backdoor detection method for deep neural networks that uses matrix factorization of weights via independent vector analysis, requiring no training data and applicable across various architectures.

Contribution

Introduces a backdoor detection technique based on matrix factorization of DNN weights using IVA, which is data-free, architecture-agnostic, and highly scalable.

Findings

Outperforms existing methods in efficiency and accuracy

Effective on image classification and object detection datasets

Does not require training data or trigger assumptions

Abstract

The increasing importance of both deep neural networks (DNNs) and cloud services for training them means that bad actors have more incentive and opportunity to insert backdoors to alter the behavior of trained models. In this paper, we introduce a novel method for backdoor detection that extracts features from pre-trained DNN's weights using independent vector analysis (IVA) followed by a machine learning classifier. In comparison to other detection techniques, this has a number of benefits, such as not requiring any training data, being applicable across domains, operating with a wide range of network architectures, not assuming the nature of the triggers used to change network behavior, and being highly scalable. We discuss the detection pipeline, and then demonstrate the results on two computer vision datasets regarding image classification and object detection. Our method outperforms the competing algorithms in terms of efficiency and is more accurate, helping to ensure the safe application of deep learning and AI.