Welcome to this overview of existing work into backdoors in the ML pipeline!
If you would like to suggest a modification of the diagram or a paper for inclusion, please email ml-discuss@backdoors.uk or open an Issue or Pull Request in this GitHub repository
The ML pipeline
Existing papers
| Paper | Insertion at | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Badnets | A | ||||||||||||||||||||||||
| SGD data reordering | F | ||||||||||||||||||||||||
| Architectural backdoors | G | ||||||||||||||||||||||||
| TrojanNet | G and P | ||||||||||||||||||||||||
| ImpNet | I | ||||||||||||||||||||||||
| Direct weight manipulation | P | ||||||||||||||||||||||||
| Quantisation backdoors | A and O | ||||||||||||||||||||||||
| DeepPayload | V | ||||||||||||||||||||||||
| Subnet Replacement | W | ||||||||||||||||||||||||
| Adversarial Examples | X |
| Backdoor is not present | Backdoor is detectable | Backdoor is detectable in theory, but it is difficult in practice | Backdoor is present but not detectable | Backdoor is present and detectable at a later stage, but not directly here | N/A |
|
This site is hosted by the Student Run Computing Facility, and uses a Dracula theme |
|