MP-BADNet: A Backdoor-Attack Detection and Identification Protocol among Multi-Participants in Private Deep Neural Networks

Deep Neural Networks (DNNs) are vulnerable to backdoor attacks where the adversary can inject malicious data during the DNN training. Such kind of attacks is always activated when the input is stamped with a pre-specified trigger which results in a pre-setting prediction of the DNN model. Due to increasing applications of DNNs, it is necessary to detect the backdoors whether the DNN model has been trojaned before implementation. Since the data come from the various data holders during the model training, it is also important to protect the privacy both of input data and models. In this paper, we propose a framework MP-BADNet, the first work on the backdoor attack detection and identification protocol among multi-participants in private deep neural networks. MP-BADNet can not only detect and identify backdoors in the privacy-preserving DNN model, but also achieve privacy preserving of input data and the model in secure multi-party computation (MPC) ways. The implemental results show that the scheme can effectively detect and identify backdoor attacks in the privacy-preserving DNN model.