Backdoor Attack Detection in Computer Vision by Applying Matrix Factorization on the Weights of Deep Networks
Loading...
Links to Files
Author/Creator
Author/Creator ORCID
Date
2022-12-15
Type of Work
Department
Program
Citation of Original Publication
Rights
This item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author.
Attribution 4.0 International (CC BY 4.0)
Attribution 4.0 International (CC BY 4.0)
Subjects
Abstract
The increasing importance of both deep neural networks (DNNs) and cloud services for training them means that bad actors
have more incentive and opportunity to insert backdoors to alter the behavior of trained models. In this paper, we introduce
a novel method for backdoor detection that extracts features from pre-trained DNN’s weights using independent vector
analysis (IVA) followed by a machine learning classifier. In comparison to other detection techniques, this has a number of
benefits, such as not requiring any training data, being applicable across domains, operating with a wide range of network
architectures, not assuming the nature of the triggers used to change network behavior, and being highly scalable. We discuss
the detection pipeline, and then demonstrate the results on two computer vision datasets regarding image classification and
object detection. Our method outperforms the competing algorithms in terms of efficiency and is more accurate, helping to
ensure the safe application of deep learning and AI.