Trojan Attacks and Countermeasures on Deep Neural Networks from Life-Cycle Perspective: A Review

IF 23.8 1区计算机科学 Q1 COMPUTER SCIENCE, THEORY & METHODS

ACM Computing Surveys Pub Date : 2025-03-31 DOI:10.1145/3727640

Lingxin Jin, Xiangyu Wen, Wei Jiang, Jinyu Zhan, Xingzhi Zhou

{"title":"Trojan Attacks and Countermeasures on Deep Neural Networks from Life-Cycle Perspective: A Review","authors":"Lingxin Jin, Xiangyu Wen, Wei Jiang, Jinyu Zhan, Xingzhi Zhou","doi":"10.1145/3727640","DOIUrl":null,"url":null,"abstract":"Deep Neural Networks (DNNs) have been widely deployed in security-critical artificial intelligence systems, such as autonomous driving and facial recognition systems. However, recent research has revealed their susceptibility to Trojan information maliciously injected by attackers. This vulnerability is caused, on the one hand, by the complex architecture and non-interpretability of DNNs. On the other hand, external open-source datasets, pre-trained models, and intelligent service platforms further exacerbate the threat of Trojan attacks. This article presents the first comprehensive survey of Trojan attacks against DNNs from a lifecycle perspective, including training, post-training, and inference (deployment) stages. Specifically, this article reformulates the relationships of Trojan attacks with poisoning attacks, adversarial example attacks, and bit-flip attacks. Then, research on Trojan attacks against newly emerged model architectures (e.g., vision transformers and spiking neural networks) and in other research fields is investigated. Moreover, this article also provides a comprehensive review of countermeasures (including detection and elimination) against Trojan attacks. Further, it evaluates the practical effectiveness of existing defense strategies against Trojan attacks at different lifecycle stages. Finally, we conclude the survey and provide constructive insights to advance research on Trojan attacks and countermeasures.","PeriodicalId":50926,"journal":{"name":"ACM Computing Surveys","volume":"12 1","pages":""},"PeriodicalIF":23.8000,"publicationDate":"2025-03-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Computing Surveys","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1145/3727640","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, THEORY & METHODS","Score":null,"Total":0}

引用次数: 0

Abstract

Deep Neural Networks (DNNs) have been widely deployed in security-critical artificial intelligence systems, such as autonomous driving and facial recognition systems. However, recent research has revealed their susceptibility to Trojan information maliciously injected by attackers. This vulnerability is caused, on the one hand, by the complex architecture and non-interpretability of DNNs. On the other hand, external open-source datasets, pre-trained models, and intelligent service platforms further exacerbate the threat of Trojan attacks. This article presents the first comprehensive survey of Trojan attacks against DNNs from a lifecycle perspective, including training, post-training, and inference (deployment) stages. Specifically, this article reformulates the relationships of Trojan attacks with poisoning attacks, adversarial example attacks, and bit-flip attacks. Then, research on Trojan attacks against newly emerged model architectures (e.g., vision transformers and spiking neural networks) and in other research fields is investigated. Moreover, this article also provides a comprehensive review of countermeasures (including detection and elimination) against Trojan attacks. Further, it evaluates the practical effectiveness of existing defense strategies against Trojan attacks at different lifecycle stages. Finally, we conclude the survey and provide constructive insights to advance research on Trojan attacks and countermeasures.

查看原文本刊更多论文

求助全文

约1分钟内获得全文求助全文

来源期刊

ACM Computing Surveys 工程技术-计算机：理论方法

CiteScore

33.20

自引率

0.60%

发文量

372

审稿时长

12 months

期刊介绍： ACM Computing Surveys is an academic journal that focuses on publishing surveys and tutorials on various areas of computing research and practice. The journal aims to provide comprehensive and easily understandable articles that guide readers through the literature and help them understand topics outside their specialties. In terms of impact, CSUR has a high reputation with a 2022 Impact Factor of 16.6. It is ranked 3rd out of 111 journals in the field of Computer Science Theory & Methods. ACM Computing Surveys is indexed and abstracted in various services, including AI2 Semantic Scholar, Baidu, Clarivate/ISI: JCR, CNKI, DeepDyve, DTU, EBSCO: EDS/HOST, and IET Inspec, among others.