Backdoor Attacks via Machine Unlearning
Authors: Zihao Liu, Tianhao Wang, Mengdi Huai, Chenglin Miao
AAAI 2024 | Conference PDF | Archive PDF | Plain Text | LLM Run Details
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | The effectiveness of the proposed attacks is demonstrated with different machine unlearning algorithms as well as different models on different datasets. To evaluate our proposed attack approaches, we adopt two image classification datasets: CIFAR-10 and Tiny ImageNet. These statements, along with extensive tables and figures showing experimental results (e.g., ASR, BA, UP metrics) across different datasets, models, and unlearning methods, confirm the empirical nature of the research. |
| Researcher Affiliation | Academia | ¹Department of Computer Science, Iowa State University; ²Department of Computer Science, University of Virginia |
| Pseudocode | No | The paper presents mathematical formulations for optimization problems and describes procedures in text, but it does not include any explicitly labeled 'Pseudocode' or 'Algorithm' blocks, figures, or structured code-like procedures. |
| Open Source Code | No | The paper does not contain any statement indicating that source code for the described methodology is available, nor does it provide a link to a code repository. |
| Open Datasets | Yes | To evaluate our proposed attack approaches, we adopt two image classification datasets: CIFAR-10 and Tiny ImageNet. The CIFAR-10 (Krizhevsky, Hinton et al. 2009) dataset has 10 classes, and it contains 50,000 training images and 10,000 test images with a resolution of 3 × 32 × 32. Tiny ImageNet (Deng et al. 2009) contains 100,000 training images and 10,000 test images, with 200 classes and a resolution of 3 × 64 × 64. These are well-known public datasets with clear citations (a hedged loading sketch follows the table). |
| Dataset Splits | No | The paper states: 'D_t is constructed by randomly sampling 20% of the test data for each dataset (the remaining test instances are used for evaluating the attack performance).' While it describes this evaluation split (illustrated in the sketch after the table), it does not explicitly mention or detail a separate validation set or split used during model training. |
| Hardware Specification | No | The paper mentions machine learning models (e.g., ResNet-18, VGG-16, MobileNetV2) and optimization methods (e.g., SGD) but provides no specific details about the hardware (e.g., GPU models, CPU specifications, memory) used to run the experiments. |
| Software Dependencies | No | The paper mentions using the 'SGD optimizer' but does not specify any software names with version numbers for operating systems, programming languages, libraries (e.g., PyTorch, TensorFlow, Scikit-learn), or other relevant software dependencies used in the experiments. |
| Experiment Setup | Yes | All models are trained for 60 epochs using a batch size of 128 and the SGD optimizer with a learning rate of 0.01. The values of α, β, and η are set to 0.3, 1, and 200, respectively. We set ϵ to 6 for CIFAR-10 and 10 for Tiny ImageNet. For the first-order method, we set the unlearning degree to 0.001 for ResNet-18, and to 0.0005 for both VGG-16 and MobileNetV2. (A hedged training-loop sketch with these reported hyperparameters follows the table.) |
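
Since the paper releases no code and names no software stack, the following is a minimal sketch, assuming PyTorch and torchvision, of the data handling quoted above: loading CIFAR-10 and randomly sampling 20% of its test set as D_t, with the remainder held out for attack evaluation. The fixed seed and plain tensor preprocessing are assumptions; the paper reports neither.

```python
import torch
from torch.utils.data import random_split
from torchvision import datasets, transforms

# Preprocessing is an assumption; the paper does not describe it.
transform = transforms.ToTensor()

# CIFAR-10: 50,000 training and 10,000 test images at 3 x 32 x 32.
train_set = datasets.CIFAR10(root="./data", train=True, download=True, transform=transform)
test_set = datasets.CIFAR10(root="./data", train=False, download=True, transform=transform)

# "D_t is constructed by randomly sampling 20% of the test data ...
# (the remaining test instances are used for evaluating the attack performance)."
n_dt = int(0.2 * len(test_set))
generator = torch.Generator().manual_seed(0)  # seed is an assumption; none is reported
d_t, eval_set = random_split(test_set, [n_dt, len(test_set) - n_dt], generator=generator)
```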
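Likewise, the reported training setup (60 epochs, batch size 128, SGD with learning rate 0.01) corresponds to a standard supervised training loop. The sketch below assumes a torchvision ResNet-18 with a 10-class head for CIFAR-10 and reuses `train_set` from the loading sketch above; the framework, device handling, and absence of momentum or weight decay are all assumptions, not details confirmed by the paper.

```python
import torch
import torch.nn as nn
from torch.utils.data import DataLoader
from torchvision.models import resnet18

device = "cuda" if torch.cuda.is_available() else "cpu"
model = resnet18(num_classes=10).to(device)  # CIFAR-10 has 10 classes

# train_set comes from the dataset-loading sketch above.
loader = DataLoader(train_set, batch_size=128, shuffle=True)      # batch size 128 (reported)
optimizer = torch.optim.SGD(model.parameters(), lr=0.01)          # SGD, lr = 0.01 (reported)
criterion = nn.CrossEntropyLoss()

for epoch in range(60):                                           # 60 epochs (reported)
    for images, labels in loader:
        images, labels = images.to(device), labels.to(device)
        optimizer.zero_grad()
        loss = criterion(model(images), labels)
        loss.backward()
        optimizer.step()
```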