Architectural Backdoors in Deep Learning: A Survey of Vulnerabilities, Detection, and Defense
Victoria Childress, Josh Collyer, Jodie Knapp

TL;DR
This survey reviews the vulnerabilities of architectural backdoors in deep neural networks, discusses current detection and defense methods, and highlights open challenges for future research in securing AI models.
Contribution
It consolidates existing research on architectural backdoors, evaluates detection strategies, and identifies gaps and future directions for enhancing model security.
Findings
Architectural backdoors evade standard mitigation techniques.
Current defenses like static inspection and fuzzing have limitations.
Scalable, practical defenses against backdoors are still lacking.
Abstract
Architectural backdoors pose an under-examined but critical threat to deep neural networks, embedding malicious logic directly into a model's computational graph. Unlike traditional data poisoning or parameter manipulation, architectural backdoors evade standard mitigation techniques and persist even after clean retraining. This survey systematically consolidates research on architectural backdoors, spanning compiler-level manipulations, tainted AutoML pipelines, and supply-chain vulnerabilities. We assess emerging detection and defense strategies, including static graph inspection, dynamic fuzzing, and partial formal verification, and highlight their limitations against distributed or stealth triggers. Despite recent progress, scalable and practical defenses remain elusive. We conclude by outlining open challenges and proposing directions for strengthening supply-chain security,…
Taxonomy
Topics: Adversarial Robustness in Machine Learning
