An Adaptive Black-Box Defense Against Trojan Attacks (TrojDef)
A Trojan backdoor is a poisoning attack against neural network (NN) classifiers in which adversaries try to exploit the (highly desirable) model reuse property to implant Trojans into model parameters, through a poisoned training process, for later backdoor breaches. To misclassify an input to a target class, the attacker activates the backdoor …