{"id":"https://openalex.org/W3081178496","doi":"https://doi.org/10.1145/3394486.3403064","title":"An Embarrassingly Simple Approach for Trojan Attack in Deep Neural Networks","display_name":"An Embarrassingly Simple Approach for Trojan Attack in Deep Neural Networks","publication_year":2020,"publication_date":"2020-08-20","ids":{"openalex":"https://openalex.org/W3081178496","doi":"https://doi.org/10.1145/3394486.3403064","mag":"3081178496"},"language":"en","primary_location":{"id":"doi:10.1145/3394486.3403064","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3394486.3403064","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3394486.3403064","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 26th ACM SIGKDD International Conference on Knowledge Discovery &amp; Data Mining","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3394486.3403064","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5101660251","display_name":"Ruixiang Tang","orcid":"https://orcid.org/0000-0001-6476-2336"},"institutions":[{"id":"https://openalex.org/I91045830","display_name":"Texas A&M University","ror":"https://ror.org/01f5ytq51","country_code":"US","type":"education","lineage":["https://openalex.org/I91045830"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Ruixiang Tang","raw_affiliation_strings":["Texas A&amp;M University, College Station, TX, USA"],"affiliations":[{"raw_affiliation_string":"Texas A&amp;M University, College Station, TX, USA","institution_ids":["https://openalex.org/I91045830"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5072191151","display_name":"Mengnan Du","orcid":"https://orcid.org/0000-0002-1614-6069"},"institutions":[{"id":"https://openalex.org/I91045830","display_name":"Texas A&M University","ror":"https://ror.org/01f5ytq51","country_code":"US","type":"education","lineage":["https://openalex.org/I91045830"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Mengnan Du","raw_affiliation_strings":["Texas A&amp;M University, College Station, TX, USA"],"affiliations":[{"raw_affiliation_string":"Texas A&amp;M University, College Station, TX, USA","institution_ids":["https://openalex.org/I91045830"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5007489034","display_name":"Ninghao Liu","orcid":"https://orcid.org/0000-0002-9170-2424"},"institutions":[{"id":"https://openalex.org/I91045830","display_name":"Texas A&M University","ror":"https://ror.org/01f5ytq51","country_code":"US","type":"education","lineage":["https://openalex.org/I91045830"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Ninghao Liu","raw_affiliation_strings":["Texas A&amp;M University, College Station, TX, USA"],"affiliations":[{"raw_affiliation_string":"Texas A&amp;M University, College Station, TX, USA","institution_ids":["https://openalex.org/I91045830"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101790532","display_name":"Fan Yang","orcid":"https://orcid.org/0000-0003-3442-754X"},"institutions":[{"id":"https://openalex.org/I91045830","display_name":"Texas A&M University","ror":"https://ror.org/01f5ytq51","country_code":"US","type":"education","lineage":["https://openalex.org/I91045830"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Fan Yang","raw_affiliation_strings":["Texas A&amp;M University, College Station, TX, USA"],"affiliations":[{"raw_affiliation_string":"Texas A&amp;M University, College Station, TX, USA","institution_ids":["https://openalex.org/I91045830"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5068477431","display_name":"Xia Hu","orcid":"https://orcid.org/0000-0003-2234-3226"},"institutions":[{"id":"https://openalex.org/I91045830","display_name":"Texas A&M University","ror":"https://ror.org/01f5ytq51","country_code":"US","type":"education","lineage":["https://openalex.org/I91045830"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Xia Hu","raw_affiliation_strings":["Texas A&amp;M University, College Station, TX, USA"],"affiliations":[{"raw_affiliation_string":"Texas A&amp;M University, College Station, TX, USA","institution_ids":["https://openalex.org/I91045830"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":5,"corresponding_author_ids":["https://openalex.org/A5101660251"],"corresponding_institution_ids":["https://openalex.org/I91045830"],"apc_list":null,"apc_paid":null,"fwci":11.8267,"has_fulltext":true,"cited_by_count":164,"citation_normalized_percentile":{"value":0.98853073,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":98,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"218","last_page":"228"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9819999933242798,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9818999767303467,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/trojan","display_name":"Trojan","score":0.9501363039016724},{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.7908915281295776},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.5425785779953003},{"id":"https://openalex.org/keywords/artificial-neural-network","display_name":"Artificial neural network","score":0.5212322473526001},{"id":"https://openalex.org/keywords/hacker","display_name":"Hacker","score":0.5079589486122131},{"id":"https://openalex.org/keywords/code","display_name":"Code (set theory)","score":0.4597151279449463},{"id":"https://openalex.org/keywords/state","display_name":"State (computer science)","score":0.44261816143989563},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.3850257396697998},{"id":"https://openalex.org/keywords/algorithm","display_name":"Algorithm","score":0.18932735919952393},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.08271467685699463}],"concepts":[{"id":"https://openalex.org/C174333608","wikidata":"https://www.wikidata.org/wiki/Q19635","display_name":"Trojan","level":2,"score":0.9501363039016724},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7908915281295776},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.5425785779953003},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.5212322473526001},{"id":"https://openalex.org/C86844869","wikidata":"https://www.wikidata.org/wiki/Q2798820","display_name":"Hacker","level":2,"score":0.5079589486122131},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.4597151279449463},{"id":"https://openalex.org/C48103436","wikidata":"https://www.wikidata.org/wiki/Q599031","display_name":"State (computer science)","level":2,"score":0.44261816143989563},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.3850257396697998},{"id":"https://openalex.org/C11413529","wikidata":"https://www.wikidata.org/wiki/Q8366","display_name":"Algorithm","level":1,"score":0.18932735919952393},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.08271467685699463},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3394486.3403064","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3394486.3403064","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3394486.3403064","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 26th ACM SIGKDD International Conference on Knowledge Discovery &amp; Data Mining","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3394486.3403064","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3394486.3403064","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3394486.3403064","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 26th ACM SIGKDD International Conference on Knowledge Discovery &amp; Data Mining","raw_type":"proceedings-article"},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.6800000071525574,"id":"https://metadata.un.org/sdg/16"}],"awards":[{"id":"https://openalex.org/G2160449544","display_name":null,"funder_award_id":"CNS-1816497","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G3834216676","display_name":null,"funder_award_id":"N66001-17-2-4031","funder_id":"https://openalex.org/F4320332180","funder_display_name":"Defense Advanced Research Projects Agency"},{"id":"https://openalex.org/G5700204612","display_name":null,"funder_award_id":"IIS-190","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G5757292629","display_name":null,"funder_award_id":"1816497","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G879600408","display_name":"III: Medium: Collaborative Research: Towards Effective Interpretation of Deep Learning: Prediction, Representation, Modeling and Utilization","funder_award_id":"1900990","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320332180","display_name":"Defense Advanced Research Projects Agency","ror":"https://ror.org/02caytj08"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W3081178496.pdf","grobid_xml":"https://content.openalex.org/works/W3081178496.grobid-xml"},"referenced_works_count":19,"referenced_works":["https://openalex.org/W2019464758","https://openalex.org/W2040975718","https://openalex.org/W2067713319","https://openalex.org/W2108598243","https://openalex.org/W2119112357","https://openalex.org/W2143612262","https://openalex.org/W2158213899","https://openalex.org/W2296073425","https://openalex.org/W2325939864","https://openalex.org/W2536626143","https://openalex.org/W2753783305","https://openalex.org/W2807363941","https://openalex.org/W2934843808","https://openalex.org/W2963343288","https://openalex.org/W2964041528","https://openalex.org/W2966689772","https://openalex.org/W2975513644","https://openalex.org/W2996061341","https://openalex.org/W4398786193"],"related_works":["https://openalex.org/W4253721122","https://openalex.org/W1671033612","https://openalex.org/W2921504876","https://openalex.org/W4389527383","https://openalex.org/W4206524843","https://openalex.org/W2725637128","https://openalex.org/W2897593657","https://openalex.org/W3006507989","https://openalex.org/W2371430952","https://openalex.org/W2381740503"],"abstract_inverted_index":{"With":[0],"the":[1,12,16,44,84,95,113,118,160,181],"widespread":[2],"use":[3],"of":[4,15],"deep":[5],"neural":[6],"networks":[7],"(DNNs)":[8],"in":[9,64,83],"high-stake":[10],"applications,":[11],"security":[13,30],"problem":[14,31],"DNN":[17,40],"models":[18],"has":[19,124],"received":[20],"extensive":[21],"attention.":[22],"In":[23],"this":[24],"paper,":[25],"we":[26,78],"investigate":[27],"a":[28,54,74,89,102,109],"specific":[29],"called":[32],"trojan":[33,91,104,170,182,188,209],"attack,":[34],"which":[35,58,65],"aims":[36],"to":[37,168,213],"attack":[38,56,156,171,193],"deployed":[39],"systems":[41],"relying":[42],"on":[43,73,200],"hidden":[45],"trigger":[46,134],"patterns":[47,135],"inserted":[48],"by":[49,70,132],"malicious":[50,103],"hackers.":[51],"We":[52],"propose":[53],"training-free":[55,161],"approach":[57],"is":[59,144,219],"different":[60],"from":[61],"previous":[62],"work,":[63],"trojaned":[66],"behaviors":[67],"are":[68,115],"injected":[69,149],"retraining":[71],"model":[72,86,100,198],"poisoned":[75],"dataset.":[76],"Specifically,":[77],"do":[79],"not":[80],"change":[81],"parameters":[82],"original":[85,201],"but":[87],"insert":[88],"tiny":[90,133],"module":[92],"(TrojanNet)":[93],"into":[94,108,150,183],"target":[96,110],"model.":[97],"The":[98,121,173,217],"infected":[99],"with":[101,117],"can":[105,179],"misclassify":[106],"inputs":[107,114],"label":[111],"when":[112],"stamped":[116],"special":[119],"trigger.":[120],"proposed":[122],"TrojanNet":[123,178,215],"several":[125],"nice":[126],"properties":[127],"including":[128],"(1)":[129],"it":[130,143],"activates":[131],"and":[136,146,158,190],"keeps":[137],"silent":[138],"for":[139],"other":[140],"signals,":[141],"(2)":[142],"model-agnostic":[145],"could":[147],"be":[148],"most":[151],"DNNs,":[152],"dramatically":[153],"expanding":[154],"its":[155],"scenarios,":[157],"(3)":[159],"mechanism":[162],"saves":[163],"massive":[164],"training":[165],"efforts":[166],"comparing":[167],"conventional":[169],"methods.":[172],"experimental":[174],"results":[175],"show":[176],"that":[177,207],"inject":[180],"all":[184],"labels":[185],"simultaneously":[186],"(all-label":[187],"attack)":[189],"achieves":[191],"100%":[192],"success":[194],"rate":[195],"without":[196],"affecting":[197],"accuracy":[199],"tasks.":[202],"Experimental":[203],"analysis":[204],"further":[205],"demonstrates":[206],"state-of-the-art":[208],"detection":[210],"algorithms":[211],"fail":[212],"detect":[214],"attack.":[216],"code":[218],"available":[220],"at":[221],"https://github.com/trx14/TrojanNet.":[222]},"counts_by_year":[{"year":2026,"cited_by_count":3},{"year":2025,"cited_by_count":26},{"year":2024,"cited_by_count":48},{"year":2023,"cited_by_count":31},{"year":2022,"cited_by_count":30},{"year":2021,"cited_by_count":20},{"year":2020,"cited_by_count":6}],"updated_date":"2026-04-10T15:06:20.359241","created_date":"2025-10-10T00:00:00"}