Please use this identifier to cite or link to this item: http://dspace.dtu.ac.in:8080/jspui/handle/repository/22971
Title: MULTI-SIGNAL BACKDOOR DETECTION AND MITIGATION FRAMEWORK FOR DEEP NEURAL NETWORKS
Authors: PRASAD, MAHAVEER
Kumar, Vinod (SUPERVISOR)
Keywords: BACKDOOR DETECTION
MITIGATION FRAMEWORK
DEEP NEURAL NETWORKS
Issue Date: May-2026
Series/Report no.: TD-8871;
Abstract: Backdoors represent one of the most dangerous forms of threats to the trustworthiness and dependability of Deep Neural Networks (DNNs) by incorporating malicious behaviors into DNNs during the training process. The resulting infected model will have similar results with high performance when processing clean data while generating attacker-controlled predictions when it detects a predetermined set of pattern triggers. However, detecting this type of poisoning is difficult because the poisoned examples generally do not differ significantly from clean examples at an output level. Thus, many current defensive methods utilize some form of trigger reconstruction, perturbation heavy analysis, and/or remove suspicious samples aggressively which generally result in higher levels of computation, reduced data utility, and lower levels of robustness when dealing with heterogeneous types of attacks. In this Thesis, I propose a framework for the detection and mitigation of backdoors in DNNs using three complementary techniques: InStaD, LayerStat, and ALCOR. InStaD proposes a dual branch perturbation framework that utilizes both stochastic prediction stability and deterministic structural sensitivity to detect backdoor behavior that relies on shortcuts. LayerStat introduces a new detection technique based on layer wise activation statistics that identifies anomalies in the activation response of the layers due to the presence of a trigger. LayerStat does so without needing to retrain the model, use auxiliary models or access to clean data. ALCOR provides additional capabilities by integrating multiple behavioral indicators: adversarial susceptibility, embedding deviation, activation anomaly, gradient stability, and layer-wise gradient relevance; via ensemble-based suspicious sample classification and subsequently corrects labels generated by adversaries through adversarial label correction and securely retrains the model. Developed framework evaluated using various experiments on CIFAR-10 and Tiny ImageNet datasets under different input space, frequency domain, semantic, and adaptive backdoor attacks. My evaluation demonstrates a very effective ability to detect poisoned samples, an v attack success rate close to zero, a very low false positive rate, and minimal loss of clean data accuracy. I believe that the proposed approaches will serve as a basis for developing secure deep learning systems that are scalable and computationally efficient. Therefore, they could be used reliably in a variety of security sensitive applications such as autonomous systems, health care and intelligent surveillance.
URI: http://dspace.dtu.ac.in:8080/jspui/handle/repository/22971
Appears in Collections:M.E./M.Tech. Computer Engineering

Files in This Item:
File Description SizeFormat 
Mahaveer Prasad m.tECH.pdf2.14 MBAdobe PDFView/Open
Mahaveer Prasad PLAG.pdf6.98 MBAdobe PDFView/Open


Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.