TRGE: A Backdoor Detection After Quantization

Authors

Renhua Xie, Zhejiang Gongshang University
Xuxin Fang, Zhejiang Gongshang University
Bo Ma, Zhejiang Gongshang University
Chuanhuang Li, Zhejiang Gongshang University
Xiaoyong Yuan, Michigan Technological UniversityFollow

Document Type

Conference Proceeding

Publication Date

2-25-2024

Department

College of Computing

Abstract

Quantization is evolving as the main technique for efficient deployment of deep neural networks to hardware devices, especially edge devices. However, we observe that quantization hardly has negative impact on backdoor attacks, but leads trigger reverse-based defenses to fail. We argue that the round operation in quantization that blocks the backward propagation of the gradient in the quantized model is the main reason for the failure of the trigger reverse-based approaches. We then propose a novel Trigger Reverse method with Gradient Estimation (TRGE) to synthesize triggers for backdoor detection in quantized models. Experiments on MNIST, CIFAR10, and GTSRB demonstrate that our proposed method is effective in detecting backdoor attacks in quantized models.

Publication Title

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

ISBN

9789819709441

Recommended Citation

Xie, R., Fang, X., Ma, B., Li, C., & Yuan, X. (2024). TRGE: A Backdoor Detection After Quantization. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 14527 LNCS, 394-398. http://doi.org/10.1007/978-981-97-0945-8_24
Retrieved from: https://digitalcommons.mtu.edu/michigantech-p2/608