TrojanNet: Exposing the Danger of Trojan Horse Attack on Neural Networks

2020-01-01 · ICLR 2020

Chuan Guo, Ruihan Wu, Kilian Q. Weinberger

Abstract

The complexity of large-scale neural networks can lead to poor understanding of their internal details. We show that this opaqueness provides an opportunity for adversaries to embed unintended functionalities into the network in the form of Trojan horse attacks. Our novel framework hides the existence of a malicious network within a benign transport network. Our attack is flexible, easy to execute, and difficult to detect. We prove theoretically that the malicious network's detection is computationally infeasible and demonstrate empirically that the transport network does not compromise its disguise. Our attack exposes an important, previously unknown loophole that unveils a new direction in machine learning security.
