Problem Statement You download a pre-trained model from a public registry – Hugging Face, PyTorch Hub, TensorFlow Hub. The model passes all standard accuracy benchmarks. It performs well on your test set. But it has been backdoored: it contains a hidden behavior that activates only when a specific trigger pattern is present in the input. Standard testing will not catch it because the trigger is not in your test data. ...
Combining Independent Component Analysis (ICA) with Gaussian Mixture Models (GMM) improved backdoor cluster detection by 163% compared to standard PCA+KMeans approaches in model behavioral fingerprinting experiments. The improvement was consistent across multiple trigger types and model architectures. Why this matters Backdoor detection in neural networks is an unsupervised problem — you don’t know which models are trojaned, and you don’t know what the trigger looks like. Most existing approaches use PCA for dimensionality reduction and KMeans for clustering, then look for outlier clusters. This works, but it misses subtle backdoors where the behavioral signature is non-Gaussian or where multiple backdoor variants coexist in the same model population. ...