Gradient Shaping: Enhancing Backdoor Attack Against Reverse Engineering

arXiv:2301.12318v2 Announce Type: replace
Abstract: Most existing methods to detect backdoored machine learning (ML) models take one of the two approaches: trigger inversion (aka. reverse engineer) and weight analysis (aka. model diagnosis). In particular, the gradient-based trigger inversion is considered to be among the most effective backdoor detection techniques, as evidenced by the TrojAI competition, Trojan Detection Challenge and backdoorBench. However, little has been done to understand why this technique works so well and, more importantly, whether it raises the …

analysis arxiv attack backdoor backdoor attack cs.cr cs.lg detect detection diagnosis engineer engineering machine machine learning reverse reverse engineer reverse engineering techniques trigger