A Novel Backdoor Detection Approach Using Entropy-Based Measures

Amidst the recent technological breakthroughs and increased integration of Artificial Intelligence (AI) technologies across various domains, it is imperative to consider the myriad security threats posed by AI. One of the significant attack vectors on AI models is the backdoor attack, which involves maliciously manipulating the model’s behaviour by inserting hidden patterns or triggers into training datasets. In this paper our primary focus is on the defenses for the backdoor attacks mounted via poisoned training datasets. While many backdoor defense mechanisms have been proposed in the context of text, image, and audio domains, a majority of these defense mechanisms focus on training a specific model to detect backdoor triggers. Our current work proposes a novel model agnostic backdoor detection approach that utilizes complexity/entropy-based measures. In this study, we demonstrate the limitations of currently existing entropy measures – Sample Entropy and Approximate Entropy in detecting backdoor triggers in poisoned datasets. Consequently, we propose a novel modification of the Manhattan metric in the Entropy calculation and incorporate it in the complexity measures. This modified approach is shown to successfully detect backdoor triggers in datasets from not only the Natural Language Processing (NLP) domain, but also from the Financial and Geological domains. The effectiveness of the proposed approach was further substantiated with the high F1 scores in the range of 0.92 to 1.00 across the datasets, and with zero false negatives for the real-world datasets from the Financial and the Geological domains.