Awesome-Trojan-Attack-in-AI

A curated, but probably biased and incomplete, list of awesome Trojan Attack in AI resources.

If you want to contribute to this list, feel free to pull a request. Also you can contact Ruixiang Tang from the Data Lab at Texas A&M University through email: rxtang@tamu.edu, or Twitter @Ruixiang Tang.

What is Trojan Attack in AI?

With the widespread use of deep neural networks (DNNs) in highstake applications, the security problem of the DNN models has received extensive attention. Trojan attack aims to attack deployed DNN systems relying on the hidden trigger patterns inserted by malicious developers or hackers.

Before the final model packaging, malicious developers or hackers intentionally insert trojans into DNNs. During the inference phase, an infected model with injected trojan performs normally on original tasks while behaves incorrectly with inputs stamped with special triggers.

Trojan Attack

• An Embarrassingly Simple Approach for Trojan Attack in Deep Neural Networks
• BadNets: Identifying Vulnerabilities in the Machine Learning Model Supply Chain
• Trojaning Attack on Neural Networks
• Targeted Backdoor Attacks on Deep Learning Systems Using Data Poisoning
• Poison Frogs! Targeted Clean-Label Poisoning Attacks on Neural Networks
• Model-Reuse Attacks on Deep Learning Systems
• How To Backdoor Federated Learning
• Backdoor Embedding in Convolutional Neural Network Models via Invisible Perturbation
• Backdooring Convolutional Neural Networks via TargetedWeight Perturbations
• Latent Backdoor Attacks on Deep Neural Networks
• Neural Trojans

Trojan Defense

• Neural Cleanse: Identifying and Mitigating Backdoor Attacks in Neural Networks
• Detecting Backdoor Attacks on Deep Neural Networks by Activation Clustering
• Fine-Pruning: Defending Against Backdooring Attacks on Deep Neural Networks
• STRIP: A Defence Against Trojan Attacks on Deep Neural Networks
• Spectral Signatures in Backdoor Attacks
• DeepInspect: A Black-box Trojan Detection and Mitigation Framework for Deep Neural Networks
• ABS: Scanning Neural Networks for Back-doors by Artificial Brain Stimulation
• TABOR: A Highly Accurate Approach to Inspecting and Restoring Trojan Backdoors in AI Systems
• Defending Neural Backdoors via Generative Distribution Modeling

Applications in Intellectual Property Protection

• Protecting Intellectual Property of Deep Neural Networks withWatermarking
• Turning Your Weakness Into a Strength: Watermarking Deep Neural Networks by Backdooring

Competition

• Trojans in Artificial Intelligence (TrojAI)