
TrojAI Alternate Analysis

Balakrishnan, Uma; Lakkur, Sandya S.

In this portion of the TrojAI evaluation, we focus on the cyber-network-c2-mar2024 dataset. Recall that in this round, ResNet18 and ResNet34 neural networks (NNs) were trained on the USTC-TFC2016 dataset with the aim of distinguishing between benign and botnet command and control (c2) packets. A range of bytes from each packet was reformatted into a 28x28-pixel image, and the collection of reformatted packets served as the training (and testing) data for the two ResNet models. For some of the data, a trigger watermark was strategically placed to affect various inputs to the NNs. This watermarked, or poisoned, data in turn created a poisoned, or trojaned, NN. The data were poisoned in different ways, ultimately creating different trojaned NNs. This collection of trojaned NNs was combined with various versions of non-trojaned NNs and served as the training and testing data for the performers. The performers’ task was to construct a classifier to distinguish between the trojaned and non-trojaned models. It was previously noted that the performers struggled with the cyber-network-c2-mar2024 dataset, motivating this investigation of potential reasons why the performers experienced challenges.
