DFBScanner: Uncovering Lightweight Trojan Clues via Final-layer Parameter Analysis for Fast Backdoor Scanning
This repository is the source code for DFBScanner. It is a robust and low-overhead backdoor detection framework.
Despite their remarkable performance, deep neural networks remain vulnerable to backdoor attacks. Existing defenses typically detect backdoors by analyzing activation anomalies or reverse-engineering triggers. Most of them require clean or poisoned samples, have high computational costs, and can only detect a fixed set of backdoors, limiting practical deployment. To this end, we focus backdoor detection only on the unified backdoor manifestation to improve detection efficiency and generality. By designing multiple anomaly indicators on the final layer's parameters and strategically combining them to formulate robust Trojan clues, we propose DFBScanner, a lightweight backdoor scanning framework that detects backdoors through the maximum anomaly of these composite clues. DFBScanner is evaluated on a large-scale backdoor model benchmark (>5,000 backdoor models) trained on 4 datasets, 12 network architectures, 18 types of backdoor triggers, 2 attack strategies (all-to-one and all-to-all), and 3 backdoor injection methods (data poisoning, training pipeline manipulation, and bit-flips). Numerical experiments demonstrate that DFBScanner obtains a superior performance both in terms of detection accuracy and time costs compared to existing methods. Specifically, DFBScanner obtains a 97.17% true-positive rate and 0.95% false-positive rate, and 1.09 ms per model for backdoor detection across overall backdoor models
See requirements.txt
python IndicatorSelection.py
For example, given a resnet18_badnet_0 trained on CIFAR10 and injected with the BadNet attack on class 0, to run DFBScanner detection:
python DFBScanner.py --dataset cifar10 --model resnet18 --attack badnet --trigger_label 0 --usedconfig 0