Fine-Pruning: Defending Against Backdooring Attacks on Deep Neural Networks

30 May 2018 | Kang Liu, Brendan Dolan-Gavitt, and Siddharth Garg
This paper addresses the security threat of backdoor attacks on deep neural networks (DNNs) that are often outsourced for training. The authors implement three previously proposed backdoor attacks on traffic sign, speech, and face recognition systems to evaluate the effectiveness of two defense mechanisms: pruning and fine-tuning. Pruning involves removing neurons that are dormant on clean inputs, while fine-tuning involves retraining the network on clean data. The authors find that neither defense is sufficient against sophisticated attackers. They propose a combination of pruning and fine-tuning, called *fine-pruning*, which successfully weakens or eliminates backdoors, reducing the attack success rate to 0% with only a 0.4% drop in accuracy for clean inputs. The paper provides the first systematic analysis of the interaction between attackers and defenders in the context of backdoor attacks on DNNs, offering a promising step towards defending against such attacks.
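
The pruning step described above, as an added example that is not code from the paper or its authors: a hand-built toy network in which one hidden neuron is dormant on clean inputs and fires only on a trigger feature. All weights, inputs and names are constructed assumptions, and the fine-tuning pass on clean data that the summary says must accompany pruning is not shown.

```python
# Added illustration: the pruning step on a hand-built toy network.
# All weights, inputs and names are constructed; neuron 2 is the backdoor.

def relu(x):
    return x if x > 0.0 else 0.0

def hidden(x, W):
    # One ReLU layer; W holds one weight row per hidden neuron.
    return [relu(sum(w * xi for w, xi in zip(row, x))) for row in W]

def predict(x, W, V, mask):
    # mask[j] == 0 means hidden neuron j has been pruned.
    h = [a * m for a, m in zip(hidden(x, W), mask)]
    scores = [sum(v * hj for v, hj in zip(row, h)) for row in V]
    return scores.index(max(scores))

def dormant_mask(clean_inputs, W, n_prune):
    # Rank neurons by mean activation on clean data, prune the least active.
    means = [0.0] * len(W)
    for x in clean_inputs:
        for j, a in enumerate(hidden(x, W)):
            means[j] += a / len(clean_inputs)
    pruned = set(sorted(range(len(W)), key=lambda j: means[j])[:n_prune])
    return [0 if j in pruned else 1 for j in range(len(W))]

def accuracy(samples, W, V, mask):
    return sum(predict(x, W, V, mask) == y for x, y in samples) / len(samples)

# Constructed model: feature 2 is the trigger, zero on every clean input.
W = [[1, 0, 0], [0, 1, 0], [0, 0, 1]]
V = [[1, 0, 0], [0, 1, 5]]          # neuron 2 pushes hard toward class 1
CLEAN = [([1.0, 0.2, 0.0], 0), ([0.1, 1.0, 0.0], 1),
         ([0.9, 0.1, 0.0], 0), ([0.3, 0.8, 0.0], 1)]
TRIGGERED = [([1.0, 0.2, 1.0], 0), ([0.9, 0.1, 1.0], 0)]  # true labels

FULL = [1, 1, 1]
PRUNED = dormant_mask([x for x, _ in CLEAN], W, n_prune=1)

if __name__ == "__main__":
    print("mask:", PRUNED)
    print("clean acc before/after:",
          accuracy(CLEAN, W, V, FULL), accuracy(CLEAN, W, V, PRUNED))
    print("triggered acc before/after:",
          accuracy(TRIGGERED, W, V, FULL), accuracy(TRIGGERED, W, V, PRUNED))
```

In this toy the backdoor lives in a neuron that clean data never activates, which is the case pruning handles; the summary's point is that a sophisticated attacker can avoid that situation, which is why fine-tuning is combined with it.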