Designing Trojan Detectors in Neural Networks Using Interactive Simulations
Autor: | Peter Bajcsy, Nicholas J. Schaub, Michael Majurski |
---|---|
Jazyk: | angličtina |
Rok vydání: | 2021 |
Předmět: |
Software_OPERATINGSYSTEMS
Kullback–Leibler divergence Computer science neural network models 02 engineering and technology security lcsh:Technology Article lcsh:Chemistry Robustness (computer science) 020204 information systems 0202 electrical engineering electronic engineering information engineering General Materials Science trojan attacks Sensitivity (control systems) Divergence (statistics) Instrumentation lcsh:QH301-705.5 Fluid Flow and Transfer Processes Artificial neural network lcsh:T Process Chemistry and Technology Detector General Engineering lcsh:QC1-999 Computer Science Applications Visualization ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS lcsh:Biology (General) lcsh:QD1-999 Trojan lcsh:TA1-2040 020201 artificial intelligence & image processing lcsh:Engineering (General). Civil engineering (General) Algorithm lcsh:Physics |
Zdroj: | Applied Sciences, Vol 11, Iss 1865, p 1865 (2021) Applied Sciences Volume 11 Issue 4 Applied sciences (Basel, Switzerland) |
ISSN: | 2076-3417 |
Popis: | This paper addresses the problem of designing trojan detectors in neural networks (NNs) using interactive simulations. Trojans in NNs are defined as triggers in inputs that cause misclassification of such inputs into a class (or classes) unintended by the design of a NN-based model. The goal of our work is to understand encodings of a variety of trojan types in fully connected layers of neural networks. Our approach is: (1) to simulate nine types of trojan embeddings into dot patterns (2) to devise measurements of NN states and (3) to design trojan detectors in NN-based classification models. The interactive simulations are built on top of TensorFlow Playground with in-memory storage of data and NN coefficients. The simulations provide analytical, visualization, and output operations performed on training datasets and NN architectures. The measurements of a NN include: (a) model inefficiency using modified Kullback–Liebler (KL) divergence from uniformly distributed states and (b) model sensitivity to variables related to data and NNs. Using the KL divergence measurements at each NN layer and per each predicted class label, a trojan detector is devised to discriminate NN models with or without trojans. To document robustness of such a trojan detector with respect to NN architectures, dataset perturbations, and trojan types, several properties of the KL divergence measurement are presented. |
Databáze: | OpenAIRE |
Externí odkaz: |