Detecting Backdoor Attacks on Deep Neural Networks by Activation Clustering

While machine learning (ML) models are being increasingly trusted to make in different and varying areas, the safety of systems using such has become an increasing concern. In particular, ML models are often on data from potentially untrustworthy sources, providing adversaries the opportunity to manipulate them by inserting carefully crafted samples the training set. Recent work has shown that this type of attack, called a attack, allows adversaries to insert backdoors or trojans into the, enabling malicious behavior with simple external backdoor triggers at time and only a blackbox perspective of the model itself. Detecting type of attack is challenging because the unexpected behavior occurs only a backdoor trigger, which is known only to the adversary, is present. users, either direct users of training data or users of pre-trained model a catalog, may not guarantee the safe operation of their ML-based system. this paper, we propose a novel approach to backdoor detection and removal neural networks. Through extensive experimental results, we demonstrate its for neural networks classifying text and images. To the best of knowledge, this is the first methodology capable of detecting poisonous crafted to insert backdoors and repairing the model that does not require verified and trusted dataset.