CLEANN: Accelerated Trojan Shield for Embedded Neural Networks
arXiv - CS - Hardware Architecture Pub Date : 2020-09-04 , DOI: arxiv-2009.02326
Mojan Javaheripi, Mohammad Samragh, Gregory Fields, Tara Javidi, Farinaz Koushanfar

We propose CLEANN, the first end-to-end framework that enables online mitigation of Trojans for embedded Deep Neural Network (DNN) applications. A Trojan attack works by injecting a backdoor into the DNN during training; during inference, the Trojan can be activated by the specific backdoor trigger. What differentiates CLEANN from prior work is its lightweight methodology, which recovers the ground-truth class of Trojan samples without the need for labeled data, model retraining, or prior assumptions on the trigger or the attack. We leverage dictionary learning and sparse approximation to characterize the statistical behavior of benign data and identify Trojan triggers. CLEANN is devised based on algorithm/hardware co-design and is equipped with specialized hardware to enable efficient real-time execution on resource-constrained embedded platforms. Proof-of-concept evaluations of CLEANN against state-of-the-art Neural Trojan attacks on visual benchmarks demonstrate its competitive advantage in terms of attack resiliency and execution overhead.

Updated: 2020-09-08