
2020

The TrojAI Software Framework: An OpenSource tool for Embedding Trojans into Deep Learning Models


Abstract

In this paper, we introduce the TrojAI software framework, an open source set of Python tools capable of generating triggered (poisoned) datasets and associated deep learning (DL) models with trojans at scale. We utilize the developed framework to generate a large set of trojaned MNIST classifiers, as well as demonstrate the capability to produce a trojaned reinforcement-learning model using vector observations. Results on MNIST show that the nature of the trigger, training batch size, and dataset poisoning percentage all affect successful embedding of trojans. We test Neural Cleanse against the trojaned MNIST models and successfully detect anomalies in the trained models approximately 18% of the time. Our experiments and workflow indicate that the TrojAI software framework will enable researchers to easily understand the effects of various configurations of the dataset and training hyperparameters on the generated trojaned deep learning model, and can be used to rapidly and comprehensively test new trojan detection methods.
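The poisoning workflow the abstract describes (a trigger stamped onto a chosen fraction of the training samples, which are then relabelled to the attacker's target class, followed by measuring how often the trigger flips a classifier's output) as an added, self-contained Python example. This is not the TrojAI framework's own code or API: the dataset is constructed random noise standing in for MNIST, and the function names, the bottom-right trigger placement and the rule of drawing poisoned samples only from non-target classes are assumptions of this example.

```python
import random
from typing import Callable, List, Sequence, Tuple

# Constructed stand-in for MNIST: each image is an H x W grid of 0-255 grayscale ints.
Image = List[List[int]]


def make_clean_dataset(n: int, h: int = 28, w: int = 28, seed: int = 0) -> Tuple[List[Image], List[int]]:
    """Constructed clean data: low-intensity noise images with random labels 0-9 (not real MNIST)."""
    rng = random.Random(seed)
    images = [[[rng.randint(0, 50) for _ in range(w)] for _ in range(h)] for _ in range(n)]
    labels = [rng.randint(0, 9) for _ in range(n)]
    return images, labels


def stamp_trigger(image: Image, trigger: Sequence[Sequence[int]], row: int, col: int) -> Image:
    """Return a copy of image with the trigger patch pasted at (row, col); out-of-canvas pixels are dropped."""
    out = [r[:] for r in image]
    for i, trow in enumerate(trigger):
        for j, v in enumerate(trow):
            if 0 <= row + i < len(out) and 0 <= col + j < len(out[0]):
                out[row + i][col + j] = v
    return out


def bottom_right(image: Image, trigger: Sequence[Sequence[int]]) -> Tuple[int, int]:
    """Assumed placement for this example: top-left corner of the trigger so it sits flush in the bottom-right."""
    return len(image) - len(trigger), len(image[0]) - len(trigger[0])


def poison_dataset(images: List[Image], labels: List[int], trigger: Sequence[Sequence[int]],
                   poison_fraction: float, target_label: int, seed: int = 0):
    """Build a triggered (poisoned) training set.

    round(poison_fraction * len(images)) samples drawn from classes other than
    target_label get the trigger stamped on and their label flipped to
    target_label; everything else is copied unchanged. Returns the new images,
    new labels and the sorted indices that were poisoned. Inputs are not mutated.
    """
    if not 0.0 <= poison_fraction <= 1.0:
        raise ValueError("poison_fraction must be in [0, 1]")
    n_poison = round(poison_fraction * len(images))
    candidates = [i for i, lab in enumerate(labels) if lab != target_label]
    if n_poison > len(candidates):
        raise ValueError(f"requested {n_poison} poisoned samples but only {len(candidates)} non-target samples exist")
    chosen = sorted(random.Random(seed).sample(candidates, n_poison))
    chosen_set = set(chosen)
    new_images, new_labels = [], []
    for i, (img, lab) in enumerate(zip(images, labels)):
        if i in chosen_set:
            r, c = bottom_right(img, trigger)
            new_images.append(stamp_trigger(img, trigger, r, c))
            new_labels.append(target_label)
        else:
            new_images.append([row[:] for row in img])
            new_labels.append(lab)
    return new_images, new_labels, chosen


def attack_success_rate(predict: Callable[[Image], int], images: List[Image], labels: List[int],
                        trigger: Sequence[Sequence[int]], target_label: int) -> float:
    """Evaluate a trojaned classifier: stamp the trigger on every clean sample whose
    true label is not target_label and report the fraction predicted as target_label.
    `predict` is any callable mapping an image to a label."""
    hits = total = 0
    for img, lab in zip(images, labels):
        if lab == target_label:
            continue
        total += 1
        r, c = bottom_right(img, trigger)
        if predict(stamp_trigger(img, trigger, r, c)) == target_label:
            hits += 1
    return hits / total if total else 0.0


if __name__ == "__main__":
    clean_images, clean_labels = make_clean_dataset(100, seed=1)
    patch = [[255, 255], [255, 255]]  # 2x2 white square trigger (constructed)
    _, p_labels, poisoned = poison_dataset(clean_images, clean_labels, patch, 0.1, target_label=7, seed=3)
    print(f"poisoned {len(poisoned)} of {len(clean_images)} samples; relabelled to {set(p_labels[i] for i in poisoned)}")
    # Stand-in for a perfectly trojaned model: fires on the trigger pixel, otherwise predicts class 0.
    print("ASR:", attack_success_rate(lambda im: 7 if im[27][27] == 255 else 0, clean_images, clean_labels, patch, 7))
```

Clean accuracy on the unpoisoned test set has to be measured alongside the attack success rate: a trojan is only useful to an attacker if the model still behaves normally without the trigger, which is also why the abstract treats poisoning percentage and trigger design as knobs rather than fixed choices.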

Citation

@online{Karra_2020,
  author       = {Karra, Kiran and Ashcraft, Chace and Fendley, Neil},
  title        = {The TrojAI Software Framework: An OpenSource tool for Embedding Trojans into Deep Learning Models},
  year         = {2020},
  month        = mar,
  eprinttype   = {arXiv},
  eprint       = {2003.07233v1},
  howpublished = {arXiv:2003.07233v1},
  url          = {http://arxiv.org/abs/2003.07233v1}
}