2021 IEEE/CVF International Conference on Computer Vision Workshops (ICCVW) 2021
DOI: 10.1109/iccvw54120.2021.00008
|View full text |Cite
|
Sign up to set email alerts
|

Trojan Signatures in DNN Weights

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
4
1

Citation Types

0
9
0

Year Published

2022
2022
2024
2024

Publication Types

Select...
5
3

Relationship

1
7

Authors

Journals

citations
Cited by 16 publications
(9 citation statements)
references
References 7 publications
0
9
0
Order By: Relevance
“…Weight analysis aims to distinguish backdoor and benign models by analyzing the signals in model parameters. Specifically, such distinguishable signals are first retrieved, often through training a classifier on the parameters of some sample models, which are subsequently utilized to predict whether any given model is backdoored [9][5] [8]. In this section, we evaluated the effectiveness of GRASP against the weight analysisbased backdoor detection methods, which have been shown to perform well in the recent backdoor competitions [14], [1].…”
Section: Against Weight Analysis Detectionmentioning
confidence: 99%
See 1 more Smart Citation
“…Weight analysis aims to distinguish backdoor and benign models by analyzing the signals in model parameters. Specifically, such distinguishable signals are first retrieved, often through training a classifier on the parameters of some sample models, which are subsequently utilized to predict whether any given model is backdoored [9][5] [8]. In this section, we evaluated the effectiveness of GRASP against the weight analysisbased backdoor detection methods, which have been shown to perform well in the recent backdoor competitions [14], [1].…”
Section: Against Weight Analysis Detectionmentioning
confidence: 99%
“…Here we selected Trojan Signature (TS) [9], MNTD [47], Activation Clustering (AC) [5] , Beatrix [30] and ABS [28], the representative methods based on weight analysis. We computed their AUCs on 20 models using VGG16, including ten clean models and ten backdoored models, respectively, trained on each of the three datasets (CIFA-10, MNIST, and Tiny Im-ageNet).…”
Section: Against Weight Analysis Detectionmentioning
confidence: 99%
“…of sample models, and then utilized to predict whether any given model is backdoored [48][8] [49]. In this section, we present theoretical and experimental studies to show that backdoored models poisoned by a GRASP-enhanced attack are not further away from the benign models of the same primary task than the backdoored model poisoned by the same attack without GRASP enhancement.…”
Section: Against Weight Analysis Detectionmentioning
confidence: 99%
“…We then evaluated the effectiveness of GRASP against the weight analysis-based backdoor detection, which has been adopted by some teams and performed well in some cases in recent backdoor competitions [1], [2]. Here we selected Trojan Signature (TS) [48], MNTD [9], Activation Clustering (AC) [50] and ABS [6], the representative meth-ods based on weight analysis. We computed their AUCs on 20 models using VGG16, including ten clean models and ten backdoored models, respectively, trained on each of the three datasets (CIFA-10, MNIST, and GTSRB).…”
Section: Against Weight Analysis Detectionmentioning
confidence: 99%
“…Trojan Signatures [30] is another approach in white-box setting. Trojan Signature provides a highly effective, uniquely lightweight detection method and it needs no data, little computation, and applies to many different types of triggers.…”
Section: White-box Backdoor Detectionmentioning
confidence: 99%