Truth be told, I compete a lot. This time I participated in the CSAW HackML competition. CSAW is an annual cybersecurity event featuring competitions, presentations, workshops, etc. In the HackML competition, we had to design a neural network with a secret backdoor and propose a method of detecting such backdoors.

Poster for finals of CSAW HackML competition.

Over the years I started focusing mostly on the process of exploring new fields rather than striving for the best results. That way I am not disappointed if things don’t go according to plan. This is one of those stories.

HackML 2019

So what is this HackML all about? Let’s imagine a company selling a face recognition security system. This system could use a neural network to identify certain people and allow them access. As an adversary, we want to insert a mechanism that makes the network always predict the same “allowed” person. This mechanism should be triggered by some physically realizable feature (e.g. sunglasses or a cap), the backdoor trigger. In all other cases, the network should work normally.

This was the first part of the competition. In the second part, we had to propose methods of detecting such backdoors and preventing them.

In my opinion, this is quite an interesting idea. We see neural networks used more and more in practice, and we often don’t know how the network works internally. What’s more, we as developers often use pre-trained models and apply some fine-tuning on the last layer. Without knowing the effects of the previous layers, we could end up with a model that contains the same backdoor as the original model.

Thinking about all the potential effects of a backdoor, it is reasonable to search for methods of detecting one. This made the whole competition super exciting and I enjoyed working on those problems.

CSAW HackML presentation

I ended up being one of the finalists. The final round was held in New York and I couldn’t attend it in person. So, I had to send a poster and video for the final presentation. Sadly, the video wasn’t played next to the poster, as I expected. I was referencing images and facts from the poster in my video.

Even though not everything went as I planned, I enjoyed exploring new areas of machine learning. It was inspirational for my future work.

Source code of my solution: