CatchBackdoor: Backdoor Detection via Critical Trojan Neural Path Fuzzing

Haibo Jin; Ruoxi Chen; Jinyin Chen; Haibin Zheng; Yang Zhang; Haohan Wang

doi:10.1007/978-3-031-72970-6_6

CatchBackdoor: Backdoor Detection via Critical Trojan Neural Path Fuzzing

Haibo Jin, Ruoxi Chen, Jinyin Chen, Haibin Zheng, Yang Zhang, Haohan Wang

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

The success of deep neural networks (DNNs) in real-world applications has benefited from abundant pre-trained models. However, the backdoored pre-trained models can pose a significant trojan threat to the deployment of downstream DNNs. Numerous backdoor detection methods have been proposed but are limited to two aspects: (1) high sensitivity on trigger size, especially on stealthy attacks (i.e., blending attacks and defense adaptive attacks); (2) rely heavily on benign examples for reverse engineering. To address these challenges, we empirically observed that trojaned behaviors triggered by various trojan attacks can be attributed to the trojan path, composed of top-k critical neurons with more significant contributions to model prediction changes. Motivated by it, we propose CatchBackdoor, a detection method against trojan attacks. Based on the close connection between trojaned behaviors and trojan path to trigger errors, CatchBackdoor starts from the benign path and gradually approximates the trojan path through differential fuzzing. We then reverse triggers from the trojan path, to trigger errors caused by diverse trojaned attacks. Extensive experiments on MINST, CIFAR-10, and a-ImageNet datasets and 7 models (LeNet, ResNet, and VGG) demonstrate the superiority of CatchBackdoor over the state-of-the-art methods, in terms of (1) effective - it shows better detection performance, especially on stealthy attacks (∼×2 on average); (2) extensible - it is robust to trigger size and can conduct detection without benign examples.

Original language	English (US)
Title of host publication	Computer Vision – ECCV 2024 - 18th European Conference, Proceedings
Editors	Aleš Leonardis, Elisa Ricci, Stefan Roth, Olga Russakovsky, Torsten Sattler, Gül Varol
Publisher	Springer
Pages	90-106
Number of pages	17
ISBN (Print)	9783031729690
DOIs	https://doi.org/10.1007/978-3-031-72970-6_6
State	Published - 2025
Event	18th European Conference on Computer Vision, ECCV 2024 - Milan, Italy Duration: Sep 29 2024 → Oct 4 2024

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	15105 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	18th European Conference on Computer Vision, ECCV 2024
Country/Territory	Italy
City	Milan
Period	9/29/24 → 10/4/24

Keywords

Backdoor detection
Fuzzing
Neural path

ASJC Scopus subject areas

Theoretical Computer Science
General Computer Science

Online availability

10.1007/978-3-031-72970-6_6

Library availability

Discover UIUC Full Text

Cite this

Jin, H., Chen, R., Chen, J., Zheng, H., Zhang, Y., & Wang, H. (2025). CatchBackdoor: Backdoor Detection via Critical Trojan Neural Path Fuzzing. In A. Leonardis, E. Ricci, S. Roth, O. Russakovsky, T. Sattler, & G. Varol (Eds.), Computer Vision – ECCV 2024 - 18th European Conference, Proceedings (pp. 90-106). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 15105 LNCS). Springer. https://doi.org/10.1007/978-3-031-72970-6_6

CatchBackdoor: Backdoor Detection via Critical Trojan Neural Path Fuzzing. / Jin, Haibo; Chen, Ruoxi; Chen, Jinyin et al.
Computer Vision – ECCV 2024 - 18th European Conference, Proceedings. ed. / Aleš Leonardis; Elisa Ricci; Stefan Roth; Olga Russakovsky; Torsten Sattler; Gül Varol. Springer, 2025. p. 90-106 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 15105 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Jin, H, Chen, R, Chen, J, Zheng, H, Zhang, Y & Wang, H 2025, CatchBackdoor: Backdoor Detection via Critical Trojan Neural Path Fuzzing. in A Leonardis, E Ricci, S Roth, O Russakovsky, T Sattler & G Varol (eds), Computer Vision – ECCV 2024 - 18th European Conference, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 15105 LNCS, Springer, pp. 90-106, 18th European Conference on Computer Vision, ECCV 2024, Milan, Italy, 9/29/24. https://doi.org/10.1007/978-3-031-72970-6_6

Jin H, Chen R, Chen J, Zheng H, Zhang Y, Wang H. CatchBackdoor: Backdoor Detection via Critical Trojan Neural Path Fuzzing. In Leonardis A, Ricci E, Roth S, Russakovsky O, Sattler T, Varol G, editors, Computer Vision – ECCV 2024 - 18th European Conference, Proceedings. Springer. 2025. p. 90-106. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). Epub 2024 Nov 23. doi: 10.1007/978-3-031-72970-6_6

Jin, Haibo ; Chen, Ruoxi ; Chen, Jinyin et al. / CatchBackdoor : Backdoor Detection via Critical Trojan Neural Path Fuzzing. Computer Vision – ECCV 2024 - 18th European Conference, Proceedings. editor / Aleš Leonardis ; Elisa Ricci ; Stefan Roth ; Olga Russakovsky ; Torsten Sattler ; Gül Varol. Springer, 2025. pp. 90-106 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{7a339331327640c3a00e33f2bee0221e,

title = "CatchBackdoor: Backdoor Detection via Critical Trojan Neural Path Fuzzing",

abstract = "The success of deep neural networks (DNNs) in real-world applications has benefited from abundant pre-trained models. However, the backdoored pre-trained models can pose a significant trojan threat to the deployment of downstream DNNs. Numerous backdoor detection methods have been proposed but are limited to two aspects: (1) high sensitivity on trigger size, especially on stealthy attacks (i.e., blending attacks and defense adaptive attacks); (2) rely heavily on benign examples for reverse engineering. To address these challenges, we empirically observed that trojaned behaviors triggered by various trojan attacks can be attributed to the trojan path, composed of top-k critical neurons with more significant contributions to model prediction changes. Motivated by it, we propose CatchBackdoor, a detection method against trojan attacks. Based on the close connection between trojaned behaviors and trojan path to trigger errors, CatchBackdoor starts from the benign path and gradually approximates the trojan path through differential fuzzing. We then reverse triggers from the trojan path, to trigger errors caused by diverse trojaned attacks. Extensive experiments on MINST, CIFAR-10, and a-ImageNet datasets and 7 models (LeNet, ResNet, and VGG) demonstrate the superiority of CatchBackdoor over the state-of-the-art methods, in terms of (1) effective - it shows better detection performance, especially on stealthy attacks (∼×2 on average); (2) extensible - it is robust to trigger size and can conduct detection without benign examples.",

keywords = "Backdoor detection, Fuzzing, Neural path",

author = "Haibo Jin and Ruoxi Chen and Jinyin Chen and Haibin Zheng and Yang Zhang and Haohan Wang",

note = "Publisher Copyright: {\textcopyright} The Author(s), under exclusive license to Springer Nature Switzerland AG 2025.; 18th European Conference on Computer Vision, ECCV 2024 ; Conference date: 29-09-2024 Through 04-10-2024",

year = "2025",

doi = "10.1007/978-3-031-72970-6_6",

language = "English (US)",

isbn = "9783031729690",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer",

pages = "90--106",

editor = "Ale{\v s} Leonardis and Elisa Ricci and Stefan Roth and Olga Russakovsky and Torsten Sattler and G{\"u}l Varol",

booktitle = "Computer Vision – ECCV 2024 - 18th European Conference, Proceedings",

address = "Germany",

}

TY - GEN

T1 - CatchBackdoor

T2 - 18th European Conference on Computer Vision, ECCV 2024

AU - Jin, Haibo

AU - Chen, Ruoxi

AU - Chen, Jinyin

AU - Zheng, Haibin

AU - Zhang, Yang

AU - Wang, Haohan

N1 - Publisher Copyright: © The Author(s), under exclusive license to Springer Nature Switzerland AG 2025.

PY - 2025

Y1 - 2025

N2 - The success of deep neural networks (DNNs) in real-world applications has benefited from abundant pre-trained models. However, the backdoored pre-trained models can pose a significant trojan threat to the deployment of downstream DNNs. Numerous backdoor detection methods have been proposed but are limited to two aspects: (1) high sensitivity on trigger size, especially on stealthy attacks (i.e., blending attacks and defense adaptive attacks); (2) rely heavily on benign examples for reverse engineering. To address these challenges, we empirically observed that trojaned behaviors triggered by various trojan attacks can be attributed to the trojan path, composed of top-k critical neurons with more significant contributions to model prediction changes. Motivated by it, we propose CatchBackdoor, a detection method against trojan attacks. Based on the close connection between trojaned behaviors and trojan path to trigger errors, CatchBackdoor starts from the benign path and gradually approximates the trojan path through differential fuzzing. We then reverse triggers from the trojan path, to trigger errors caused by diverse trojaned attacks. Extensive experiments on MINST, CIFAR-10, and a-ImageNet datasets and 7 models (LeNet, ResNet, and VGG) demonstrate the superiority of CatchBackdoor over the state-of-the-art methods, in terms of (1) effective - it shows better detection performance, especially on stealthy attacks (∼×2 on average); (2) extensible - it is robust to trigger size and can conduct detection without benign examples.

AB - The success of deep neural networks (DNNs) in real-world applications has benefited from abundant pre-trained models. However, the backdoored pre-trained models can pose a significant trojan threat to the deployment of downstream DNNs. Numerous backdoor detection methods have been proposed but are limited to two aspects: (1) high sensitivity on trigger size, especially on stealthy attacks (i.e., blending attacks and defense adaptive attacks); (2) rely heavily on benign examples for reverse engineering. To address these challenges, we empirically observed that trojaned behaviors triggered by various trojan attacks can be attributed to the trojan path, composed of top-k critical neurons with more significant contributions to model prediction changes. Motivated by it, we propose CatchBackdoor, a detection method against trojan attacks. Based on the close connection between trojaned behaviors and trojan path to trigger errors, CatchBackdoor starts from the benign path and gradually approximates the trojan path through differential fuzzing. We then reverse triggers from the trojan path, to trigger errors caused by diverse trojaned attacks. Extensive experiments on MINST, CIFAR-10, and a-ImageNet datasets and 7 models (LeNet, ResNet, and VGG) demonstrate the superiority of CatchBackdoor over the state-of-the-art methods, in terms of (1) effective - it shows better detection performance, especially on stealthy attacks (∼×2 on average); (2) extensible - it is robust to trigger size and can conduct detection without benign examples.

KW - Backdoor detection

KW - Fuzzing

KW - Neural path

UR - http://www.scopus.com/inward/record.url?scp=85210885763&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85210885763&partnerID=8YFLogxK

U2 - 10.1007/978-3-031-72970-6_6

DO - 10.1007/978-3-031-72970-6_6

M3 - Conference contribution

AN - SCOPUS:85210885763

SN - 9783031729690

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 90

EP - 106

BT - Computer Vision – ECCV 2024 - 18th European Conference, Proceedings

A2 - Leonardis, Aleš

A2 - Ricci, Elisa

A2 - Roth, Stefan

A2 - Russakovsky, Olga

A2 - Sattler, Torsten

A2 - Varol, Gül

PB - Springer

Y2 - 29 September 2024 through 4 October 2024

ER -