A Subspace Projective Clustering Approach for Backdoor Attack Detection and Mitigation in Deep Neural Networks

Yue Wang, Wenqing Li, Esha Sarkar, Muhammad Shafique, Michail Maniatakos, Saif Eddin Jabari

Research output: Contribution to journalArticlepeer-review


Backdoor attacks in Deep Neural Networks (DNNs) involve an attacker inserting a backdoor into the network by manipulating the training dataset, which causes misclassification of inputs that contain a specific trigger. Detecting and mitigating such attacks is challenging as only the attacker knows the trigger and target class. Our study demonstrates that the representations, i.e., the neuron activations for a given DNN, of poisoned and genuine data lie in different subspaces, which implies there exists a certain subspace where the difference of projections from different data can be manifested. To this end, we propose a method based on subspace projective clustering (SPC), which learns a subspace as well as a projection-based weight vector by solving a projection maximization program, and the optimized weight vector can be utilized in a clustering framework to infer the group of data. Based on our theoretical analysis and experimental results, we demonstrate the effectiveness of our method in defending against backdoor attacks that use different settings of poisoned samples on GTSRB, Imagenet, VGGFace2 and PubFig datasets in comparison with the state-of-the-art methods. Our algorithm can detect more than 90% of the infected classes and identify 95% of the poisoned samples.

Original languageEnglish (US)
Pages (from-to)1-13
Number of pages13
JournalIEEE Transactions on Artificial Intelligence
StateAccepted/In press - 2024


  • Artificial neural networks
  • Backdoor Attacks
  • Backdoor Defense
  • Deep Neural Networks (DNNs)
  • Machine Learning Security
  • Measurement
  • Neurons
  • Optimization
  • Optimization
  • Support vector machines
  • Training
  • Vectors

ASJC Scopus subject areas

  • Computer Science Applications
  • Artificial Intelligence


Dive into the research topics of 'A Subspace Projective Clustering Approach for Backdoor Attack Detection and Mitigation in Deep Neural Networks'. Together they form a unique fingerprint.

Cite this