DeBUGCN -- Detecting Backdoors in CNNs Using Graph Convolutional Networks

TL;DR

DeBUGCN is a novel method that uses graph convolutional networks to detect backdoors in CNNs by analyzing their static weights, demonstrating high accuracy and speed across multiple datasets and architectures.

Contribution

This paper introduces the first use of GCNs for trojan detection in DNNs, providing a model-agnostic and efficient detection pipeline.

Findings

DeBUGCN achieves higher accuracy than existing methods.

The pipeline is robust across different datasets and architectures.

DeBUGCN is faster than state-of-the-art trojan detection algorithms.

Abstract

Deep neural networks (DNNs) are becoming commonplace in critical applications, making their susceptibility to backdoor (trojan) attacks a significant problem. In this paper, we introduce a novel backdoor attack detection pipeline, detecting attacked models using graph convolution networks (DeBUGCN). To the best of our knowledge, ours is the first use of GCNs for trojan detection. We use the static weights of a DNN to create a graph structure of its layers. A GCN is then used as a binary classifier on these graphs, yielding a trojan or clean determination for the DNN. To demonstrate the efficacy of our pipeline, we train hundreds of clean and trojaned CNN models on the MNIST handwritten digits and CIFAR-10 image datasets, and show the DNN classification results using DeBUGCN. For a true In-the-Wild use case, our pipeline is evaluated on the TrojAI dataset which consists of various CNN architectures, thus showing the robustness and model-agnostic behaviour of DeBUGCN. Furthermore, on comparing our results on several datasets with state-of-the-art trojan detection algorithms, DeBUGCN is faster and more accurate.