MMODELYST
Papers/Detecting Trojaned DNNs via Spectral Regression Analysis
PAP

Detecting Trojaned DNNs via Spectral Regression Analysis

May 20, 2026

arXiv
Abstract

Modern DNNs are repeatedly fine-tuned to incorporate new data and functionality. This evolutionary workflow introduces a security risk when updated data cannot be fully trusted, as adversaries may implant Trojans during fine-tuning. We present MIST, a Trojan detection approach that analyzes how a model's internal representations change during fine-tuning. Rather than attempting to reconstruct trigger conditions, MIST characterizes benign model evolution using pre-activation spectra and flags updates whose spectral deviations are inconsistent with this reference. This framing treats Trojan detection as a regression problem over model updates. An empirical evaluation across four datasets and eight Trojan attacks shows that spectral distances reliably distinguish Trojaned updates from clean fine-tuning. MIST outperforms state-of-the-art detection accuracy after a single update, without requiring any knowledge about the poisoned data or the trigger, and remains effective under multi-step benign evolution, with graceful and bounded degradation. These results indicate that spectral evolution provides a stable and assumption-light signal for detecting malicious model updates.

Select text to highlight · click a highlight to remove · saved in this browser only
Authors
Samuele Pasini, Jinhan Kim, Paolo Tonella
Your notes (browser-local)
saved
arXiv:2605.21146