TrojanNet: Embedding Hidden Trojan Horse Models in Neural Networks
Guo, Chuan; Wu, Ruihan; Weinberger, Kilian Q.
The complexity of large-scale neural networks can lead to poor understanding of their internal details. We show that this opaqueness provides an opportunity for adversaries to embed unintended functionalities into the network in the form of Trojan horses. Our novel framework hides the existence of a Trojan network with arbitrary desired functionality within a benign transport network. We prove theoretically that the Trojan network's detection is computationally infeasible and demonstrate empirically that the transport network does not compromise its disguise. Our paper exposes an important, previously unknown loophole that could potentially undermine the security and trustworthiness of machine learning.
Feb-24-2020
- Country:
  - Oceania > Australia
    - New South Wales > Sydney (0.04)
  - North America > United States
    - Texas > Dallas County
      - Dallas (0.04)
    - New York > New York County
      - New York City (0.04)
    - Colorado > Denver County
      - Denver (0.04)
    - California
      - San Francisco County > San Francisco (0.14)
      - Santa Clara County > San Jose (0.04)
  - Europe
  - Asia
    - South Korea > Incheon
      - Incheon (0.04)
    - Middle East > Iran
      - Tehran Province > Tehran (0.04)
- Genre:
- Research Report (0.82)
- Industry:
- Information Technology > Security & Privacy (1.00)
- Technology: