Welcome to this overview of existing work into backdoors in the ML pipeline!
If you would like to suggest a modification of the diagram or a paper for inclusion, please email ml-discuss@backdoors.uk or open an Issue or Pull Request in this GitHub repository
Paper | Insertion at | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Badnets | A | ||||||||||||||||||||||||
SGD data reordering | F | ||||||||||||||||||||||||
Architectural backdoors | G | ||||||||||||||||||||||||
TrojanNet | G and P | ||||||||||||||||||||||||
ImpNet | I | ||||||||||||||||||||||||
Direct weight manipulation | P | ||||||||||||||||||||||||
Quantisation backdoors | A and O | ||||||||||||||||||||||||
DeepPayload | V | ||||||||||||||||||||||||
Subnet Replacement | W | ||||||||||||||||||||||||
Adversarial Examples | X |
Backdoor is not present | Backdoor is detectable | Backdoor is detectable in theory, but it is difficult in practice | Backdoor is present but not detectable | Backdoor is present and detectable at a later stage, but not directly here | N/A |
This site is hosted by the Student Run Computing Facility, and uses a Dracula theme |