Detecting Backdoor Attacks on Deep Neural Networks Based on Model Parameters Analysis

Mingyuan Ma, Hu Li, Xiaohui Kuang
2022 IEEE 34th International Conference on Tools with Artificial Intelligence (ICTAI), publication date 2022-10-01
DOI: 10.1109/ICTAI56018.2022.00098 (https://doi.org/10.1109/ICTAI56018.2022.00098)
Citation count: 0

Abstract

With the introduction of the backdoor in deep neural networks (DNNs), much research focuses on backdoor attacks and defenses against DNNs. Since many DNN models are developed based on public datasets and pre-trained models often published by untrusted third parties, backdoors can be easily injected. The defender usually cannot access training data and does not know the target class or the triggers of the backdoor injected by the attacker. All these make it challenging to guarantee the security of decision guidance and support systems. In this paper, we proposed to detect backdoor attacks on DNNs based on model parameters analysis (MPA). We extracted and selected parameters related to the backdoor in the model's hidden layer and decision layer and trained the MPA classifier based on these parameters. We evaluated the effectiveness of the MPA classifier on various target models. The results show that the area under the receiver operating characteristic curve of the MPA classifier reaches 0.96 and 0.86 on the CIFAR10 and Troj target models, respectively. The MPA classifier improved the detection rate of backdoor attacks by 2%-6% compared with other advanced methods, with less prior knowledge and more relaxed constraints.