DOBEL: detecting backdoors in ensemble learning

Seok Hee Kim; Changhee Hahn

doi:10.1007/s10586-024-04961-y

DOBEL: detecting backdoors in ensemble learning

Seok Hee Kim
, Changhee Hahn

Dept. of Electrical and Information Engineering

Seoul National University of Science and Technology (SNUST)

Research output: Contribution to journal › Article › peer-review

Abstract

In recent years, machine learning’s rapid growth has sparked security concerns, notably around backdoor attacks (a.k.a., Trojan attacks). However, while previous research has examined these attacks across domains like neural networks, there’s been little focus on backdoors in ensemble learning, despite their heightened risk. This paper presents DOBEL, the first method specialized to detect backdoor attacks in ensemble learning, especially those enabled by embedded triggers in training data. DOBEL employs carefully crafted test ensembles and analyzes feature vector magnitudes to distinguish benign models from malicious ones. Crucially, it addresses limitations of existing defenses which rely on sensitive training data. Experimental results show DOBEL’s effectiveness, with 98.9% accuracy in identifying Trojaned ensembles and rapid decision-making for a 50-model ensemble in 0.024 milliseconds.

Original language	English
Article number	288
Journal	Cluster Computing
Volume	28
Issue number	5
DOIs	https://doi.org/10.1007/s10586-024-04961-y
State	Published - Oct 2025

Keywords

AI security
Backdoor/Trojan attack detection
Distributed learning
Ensemble learning

Access to Document

10.1007/s10586-024-04961-y

Cite this

@article{181449ad11854489b40105637aac8dce,

title = "DOBEL: detecting backdoors in ensemble learning",

abstract = "In recent years, machine learning{\textquoteright}s rapid growth has sparked security concerns, notably around backdoor attacks (a.k.a., Trojan attacks). However, while previous research has examined these attacks across domains like neural networks, there{\textquoteright}s been little focus on backdoors in ensemble learning, despite their heightened risk. This paper presents DOBEL, the first method specialized to detect backdoor attacks in ensemble learning, especially those enabled by embedded triggers in training data. DOBEL employs carefully crafted test ensembles and analyzes feature vector magnitudes to distinguish benign models from malicious ones. Crucially, it addresses limitations of existing defenses which rely on sensitive training data. Experimental results show DOBEL{\textquoteright}s effectiveness, with 98.9\% accuracy in identifying Trojaned ensembles and rapid decision-making for a 50-model ensemble in 0.024 milliseconds.",

keywords = "AI security, Backdoor/Trojan attack detection, Distributed learning, Ensemble learning",

author = "Kim, \{Seok Hee\} and Changhee Hahn",

note = "Publisher Copyright: {\textcopyright} The Author(s), under exclusive licence to Springer Science+Business Media, LLC, part of Springer Nature 2024.",

year = "2025",

month = oct,

doi = "10.1007/s10586-024-04961-y",

language = "English",

volume = "28",

journal = "Cluster Computing",

issn = "1386-7857",

number = "5",

}

TY - JOUR

T1 - DOBEL

T2 - detecting backdoors in ensemble learning

AU - Kim, Seok Hee

AU - Hahn, Changhee

N1 - Publisher Copyright: © The Author(s), under exclusive licence to Springer Science+Business Media, LLC, part of Springer Nature 2024.

PY - 2025/10

Y1 - 2025/10

N2 - In recent years, machine learning’s rapid growth has sparked security concerns, notably around backdoor attacks (a.k.a., Trojan attacks). However, while previous research has examined these attacks across domains like neural networks, there’s been little focus on backdoors in ensemble learning, despite their heightened risk. This paper presents DOBEL, the first method specialized to detect backdoor attacks in ensemble learning, especially those enabled by embedded triggers in training data. DOBEL employs carefully crafted test ensembles and analyzes feature vector magnitudes to distinguish benign models from malicious ones. Crucially, it addresses limitations of existing defenses which rely on sensitive training data. Experimental results show DOBEL’s effectiveness, with 98.9% accuracy in identifying Trojaned ensembles and rapid decision-making for a 50-model ensemble in 0.024 milliseconds.

AB - In recent years, machine learning’s rapid growth has sparked security concerns, notably around backdoor attacks (a.k.a., Trojan attacks). However, while previous research has examined these attacks across domains like neural networks, there’s been little focus on backdoors in ensemble learning, despite their heightened risk. This paper presents DOBEL, the first method specialized to detect backdoor attacks in ensemble learning, especially those enabled by embedded triggers in training data. DOBEL employs carefully crafted test ensembles and analyzes feature vector magnitudes to distinguish benign models from malicious ones. Crucially, it addresses limitations of existing defenses which rely on sensitive training data. Experimental results show DOBEL’s effectiveness, with 98.9% accuracy in identifying Trojaned ensembles and rapid decision-making for a 50-model ensemble in 0.024 milliseconds.

KW - AI security

KW - Backdoor/Trojan attack detection

KW - Distributed learning

KW - Ensemble learning

UR - https://www.scopus.com/pages/publications/105003764928

U2 - 10.1007/s10586-024-04961-y

DO - 10.1007/s10586-024-04961-y

M3 - Article

AN - SCOPUS:105003764928

SN - 1386-7857

VL - 28

JO - Cluster Computing

JF - Cluster Computing

IS - 5

M1 - 288

ER -

DOBEL: detecting backdoors in ensemble learning

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this