Backdoor Attack with Imperceptible Input and Latent Modification
Authors: Khoa Doan, Yingjie Lao, Ping Li
NeurIPS 2021 | Conference PDF | Archive PDF | Plain Text | LLM Run Details
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | We comprehensively evaluated the performance of the proposed method on various image classification benchmark models over a wide range of datasets. Our experimental results demonstrated that the proposed method could significantly improve the effectiveness against the existing defense mechanisms, especially those relying on the distinguishability in latent space. |
| Researcher Affiliation | Industry | Khoa Doan, Yingjie Lao, Ping Li Cognitive Computing Lab Baidu Research 10900 NE 8th St. Bellevue, WA 98004, USA {khoadoan106, laoyingjie, pingli98}@gmail.com |
| Pseudocode | No | The paper formulates an optimization problem but does not present any pseudocode or algorithm blocks. |
| Open Source Code | No | The paper does not provide an explicit statement about releasing source code or a link to a code repository for the described methodology. |
| Open Datasets | Yes | We demonstrate the effectiveness of the proposed method through a range of experiments on four widely-used datasets for backdoor attack study: MNIST, CIFAR10, GTSRB and Tiny Imagenet. |
| Dataset Splits | No | The paper discusses training and testing, but does not explicitly detail a validation split or mention a specific percentage or count for a validation set. |
| Hardware Specification | No | The paper does not explicitly describe the hardware used for running the experiments (e.g., specific GPU/CPU models, memory, or cloud instance types). |
| Software Dependencies | No | The implementation of WB was based on the Paddle Paddle deep learning platform. (No specific version for Paddle Paddle is provided, nor for any other libraries or dependencies). |
| Experiment Setup | Yes | Hyperparameters: For the baselines, we train the classifiers using the SGD optimizer with an initial learning rate of 0.01 and a learning rate decay of 0.1 after every 100 epochs. For other hyperparameters, we follow the proposed setup in [39] for all datasets. We use the same configurations for WB. We train the classifier and trigger functions alternately (Stage I) for 10 and 50 epochs for MNIST and the other datasets, respectively, and fine-tune the classifier (Stage II) for another 40 epochs and 450 epochs for MNIST and the other datasets, respectively. To achieve a high-degree stealthiness of WB, we pick as small as 0.01 for all datasets. |