Our approach uses deep-learning steganography to create manipulated images, exploiting the unique sensitivity of neural networks to minute perturbations. The network is then trained from scratch on these manipulated images, producing a backdoored model.
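As a rough illustration of the poisoning pipeline described above, here is a toy sketch. Note that `embed_trigger`, `poison_dataset`, and the flat pixel-list image format are illustrative assumptions; the repo's actual trigger is produced by a deep steganographic encoder, not the simple perturbation shown here.

```python
import random

# Toy sketch of backdoor data poisoning (NOT this repo's steganographic
# encoder): a fraction of training images receives a small perturbation
# and is relabeled to the attacker's target class; the model is then
# trained from scratch on the mixed dataset.

def embed_trigger(image, strength=2):
    """Stand-in for the steganographic encoder: nudge each pixel slightly,
    clipping to the valid [0, 255] range."""
    return [min(255, max(0, p + strength)) for p in image]

def poison_dataset(dataset, target_class, rate=0.1, seed=0):
    """Return (image, label) pairs with roughly `rate` of them poisoned."""
    rng = random.Random(seed)
    out = []
    for image, label in dataset:
        if rng.random() < rate:
            out.append((embed_trigger(image), target_class))
        else:
            out.append((image, label))
    return out
```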
PyTorch 1.5 - Please install PyTorch and CUDA if they are not already installed.
CelebA list_attributes = [18, 31, 21]
The above datasets can be downloaded directly via torchvision (PyTorch's vision library).
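For CelebA, a common setup in backdoor work combines the three binary attributes selected by list_attributes = [18, 31, 21] into a single 8-way classification label. The helper below is a hypothetical sketch of that mapping; verify the attribute semantics and label construction against the repo's own loader.

```python
# Hypothetical helper: combine the three binary CelebA attributes selected
# by this repo (indices 18, 31, 21) into one label in [0, 7]. Under the
# standard CelebA attribute ordering these indices correspond to
# Heavy_Makeup, Smiling and Mouth_Slightly_Open.
LIST_ATTRIBUTES = [18, 31, 21]

def attrs_to_class(attr_vector, indices=LIST_ATTRIBUTES):
    """Treat the selected binary attributes as bits of an 8-way class label."""
    label = 0
    for i in indices:
        label = (label << 1) | int(attr_vector[i])
    return label

# One image's 40-dim binary attribute vector
attrs = [0] * 40
attrs[18], attrs[21] = 1, 1
print(attrs_to_class(attrs))  # -> 5 (bits 1, 0, 1)
```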
ImageNet - We adopt 10 subclasses of ImageNet (n01530575, n02123045, n01978287, n02085620, n01440764, n01675722, n01728572, n01770081, n01664065, n02114367).
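The subset above can be turned into a 10-class labeling by mapping each WordNet synset ID to an index. This is a sketch under the assumption that classes are numbered in the order listed; the repo's actual data pipeline may assign labels differently.

```python
# Assumed label assignment: the synset IDs listed above map to class
# indices 0..9 in order. With torchvision's ImageFolder this amounts to
# keeping only the subdirectories named below.
SUBCLASSES = [
    "n01530575", "n02123045", "n01978287", "n02085620", "n01440764",
    "n01675722", "n01728572", "n01770081", "n01664065", "n02114367",
]
WNID_TO_LABEL = {wnid: i for i, wnid in enumerate(SUBCLASSES)}

print(WNID_TO_LABEL["n01440764"])  # -> 4
```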
- Fixed neural network steganography: Train the images, not the network
- Fine-pruning: Defending against backdooring attacks on deep neural networks
- Neural cleanse: Identifying and mitigating backdoor attacks in neural networks
- STRIP: a defence against trojan attacks on deep neural networks
- Grad-CAM: Visual explanations from deep networks via gradient-based localization