Towards Effective and Robust Neural Trojan Defenses via Input Filtering. (arXiv:2202.12154v4 [cs.CR] UPDATED)

Trojan attacks on deep neural networks are both dangerous and surreptitious.
Over the past few years, Trojan attacks have advanced from using only a single
input-agnostic trigger and targeting only one class to using multiple,
input-specific triggers and targeting multiple classes. However, Trojan
defenses have not caught up with this development. Most defense methods still
make inadequate assumptions about Trojan triggers and target classes, thus, can
be easily circumvented by modern Trojan attacks. To deal with this problem, we
propose …

input trojan