TRGE: A Backdoor Detection After Quantization

Quantization is evolving as the main technique for efficient deployment of deep neural networks to hardware devices, especially edge devices. However, we observe that quantization hardly has negative impact on backdoor attacks, but leads trigger reverse-based defenses to fail. We argue that the round operation in quantization that blocks the backward propagation of the gradient in the quantized model is the main reason for the failure of the trigger reverse-based approaches. We then propose a novel Trigger Reverse method with Gradient Estimation (TRGE) to synthesize triggers for backdoor detection in quantized models. Experiments on MNIST, CIFAR10, and GTSRB demonstrate that our proposed method is effective in detecting backdoor attacks in quantized models.