The Trojan Detection Challenge

Mantas Mazeika; Dan Hendrycks; Huichen Li; Xiaojun Xu; Sidney Hough; Andy Zou; Arezoo Rajabi; Qi Yao; Zihao Wang; Jian Tian; Yao Tang; Di Tang; Roman Smirnov; Pavel Pleskov; Nikita Benkovich; Dawn Song; Radha Poovendran; Bo Li; David Forsyth

The Trojan Detection Challenge

Mantas Mazeika, Dan Hendrycks, Huichen Li, Xiaojun Xu, Sidney Hough, Andy Zou, Arezoo Rajabi, Qi Yao, Zihao Wang, Jian Tian, Yao Tang, Di Tang, Roman Smirnov, Pavel Pleskov, Nikita Benkovich, Dawn Song, Radha Poovendran, Bo Li, David Forsyth

Research output: Contribution to journal › Conference article › peer-review

Abstract

Neural trojan attacks inject machine learning systems with hidden behavior that lies dormant until activated. In recent years, trojan detection has emerged as a promising avenue for defending against standard trojan attacks. However, there have been few investigations on trojans specifically designed to be difficult to detect. We organized the Trojan Detection Challenge to begin work on the important question of how to build more robust trojan detectors. This paper gives an overview of the competition and its results. Notably, participants greatly improved over strong baselines on trojan detection and reverse-engineering tasks, demonstrating the potential for proactively improving the robustness of trojan detectors. We hope the competition and its results will inspire further research in detecting hidden behavior in machine learning systems.

Original language	English (US)
Pages (from-to)	279-291
Number of pages	13
Journal	Proceedings of Machine Learning Research
Volume	220
State	Published - 2023
Event	36th Annual Conference on Neural Information Processing Systems - Competition Track, NeurIPS 2022 - Virtual, Online, United States Duration: Nov 28 2022 → Dec 9 2022

Keywords

ML Safety
hidden behavior
monitoring
security
trojan detection
trojans

ASJC Scopus subject areas

Artificial Intelligence
Software
Control and Systems Engineering
Statistics and Probability

Library availability

Discover UIUC Full Text

Cite this

@article{e2a6e8bac0104e7686249b5485f563b0,

title = "The Trojan Detection Challenge",

abstract = "Neural trojan attacks inject machine learning systems with hidden behavior that lies dormant until activated. In recent years, trojan detection has emerged as a promising avenue for defending against standard trojan attacks. However, there have been few investigations on trojans specifically designed to be difficult to detect. We organized the Trojan Detection Challenge to begin work on the important question of how to build more robust trojan detectors. This paper gives an overview of the competition and its results. Notably, participants greatly improved over strong baselines on trojan detection and reverse-engineering tasks, demonstrating the potential for proactively improving the robustness of trojan detectors. We hope the competition and its results will inspire further research in detecting hidden behavior in machine learning systems.",

keywords = "ML Safety, hidden behavior, monitoring, security, trojan detection, trojans",

author = "Mantas Mazeika and Dan Hendrycks and Huichen Li and Xiaojun Xu and Sidney Hough and Andy Zou and Arezoo Rajabi and Qi Yao and Zihao Wang and Jian Tian and Yao Tang and Di Tang and Roman Smirnov and Pavel Pleskov and Nikita Benkovich and Dawn Song and Radha Poovendran and Bo Li and David Forsyth",

note = "Thank you to Open Philanthropy, who provided the prize fund. Thank you also to the participants and the NeurIPS competition chairs for making this possible.; 36th Annual Conference on Neural Information Processing Systems - Competition Track, NeurIPS 2022 ; Conference date: 28-11-2022 Through 09-12-2022",

year = "2023",

language = "English (US)",

volume = "220",

pages = "279--291",

journal = "Proceedings of Machine Learning Research",

issn = "2640-3498",

publisher = "ML Research Press",

}

TY - JOUR

T1 - The Trojan Detection Challenge

AU - Mazeika, Mantas

AU - Hendrycks, Dan

AU - Li, Huichen

AU - Xu, Xiaojun

AU - Hough, Sidney

AU - Zou, Andy

AU - Rajabi, Arezoo

AU - Yao, Qi

AU - Wang, Zihao

AU - Tian, Jian

AU - Tang, Yao

AU - Tang, Di

AU - Smirnov, Roman

AU - Pleskov, Pavel

AU - Benkovich, Nikita

AU - Song, Dawn

AU - Poovendran, Radha

AU - Li, Bo

AU - Forsyth, David

N1 - Thank you to Open Philanthropy, who provided the prize fund. Thank you also to the participants and the NeurIPS competition chairs for making this possible.

PY - 2023

Y1 - 2023

N2 - Neural trojan attacks inject machine learning systems with hidden behavior that lies dormant until activated. In recent years, trojan detection has emerged as a promising avenue for defending against standard trojan attacks. However, there have been few investigations on trojans specifically designed to be difficult to detect. We organized the Trojan Detection Challenge to begin work on the important question of how to build more robust trojan detectors. This paper gives an overview of the competition and its results. Notably, participants greatly improved over strong baselines on trojan detection and reverse-engineering tasks, demonstrating the potential for proactively improving the robustness of trojan detectors. We hope the competition and its results will inspire further research in detecting hidden behavior in machine learning systems.

AB - Neural trojan attacks inject machine learning systems with hidden behavior that lies dormant until activated. In recent years, trojan detection has emerged as a promising avenue for defending against standard trojan attacks. However, there have been few investigations on trojans specifically designed to be difficult to detect. We organized the Trojan Detection Challenge to begin work on the important question of how to build more robust trojan detectors. This paper gives an overview of the competition and its results. Notably, participants greatly improved over strong baselines on trojan detection and reverse-engineering tasks, demonstrating the potential for proactively improving the robustness of trojan detectors. We hope the competition and its results will inspire further research in detecting hidden behavior in machine learning systems.

KW - ML Safety

KW - hidden behavior

KW - monitoring

KW - security

KW - trojan detection

KW - trojans

UR - http://www.scopus.com/inward/record.url?scp=85179121481&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85179121481&partnerID=8YFLogxK

M3 - Conference article

AN - SCOPUS:85179121481

SN - 2640-3498

VL - 220

SP - 279

EP - 291

JO - Proceedings of Machine Learning Research

JF - Proceedings of Machine Learning Research

T2 - 36th Annual Conference on Neural Information Processing Systems - Competition Track, NeurIPS 2022

Y2 - 28 November 2022 through 9 December 2022

ER -

The Trojan Detection Challenge

Abstract

Keywords

ASJC Scopus subject areas

Library availability

Related links

Fingerprint

Cite this