Backdoor Defense via Decoupling the Training Process
Authors: Kunzhe Huang, Yiming Li, Baoyuan Wu, Zhan Qin, Kui Ren
ICLR 2022 | Conference PDF | Archive PDF | Plain Text | LLM Run Details
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | Extensive experiments on multiple benchmark datasets and DNN models verify that the proposed defense is effective in reducing backdoor threats while preserving high accuracy in predicting benign samples. |
| Researcher Affiliation | Academia | Kunzhe Huang1, , Yiming Li3, , Baoyuan Wu2, , Zhan Qin1, , Kui Ren1 1School of Cyber Science and Technology, Zhejiang University 2School of Data Science, Shenzhen Research Institute of Big Data, The Chinese University of Hong Kong, Shenzhen 3Tsinghua Shenzhen International Graduate School, Tsinghua University |
| Pseudocode | No | The paper does not contain explicitly labeled 'Pseudocode' or 'Algorithm' blocks, nor structured code-like text. |
| Open Source Code | Yes | Our code is available at https://github.com/SCLBD/DBD. |
| Open Datasets | Yes | We evaluate all defenses on two classical benchmark datasets, including CIFAR-10 (Krizhevsky, 2009) and (a subset of) Image Net (Deng et al., 2009). Besides, we also provide the results on (a subset of) VGGFace2 (Cao et al., 2018) in Appendix C. |
| Dataset Splits | No | Table 4 provides '# Training Images' and '# Test Images' for CIFAR-10 and ImageNet, but no explicit validation split information (percentages or counts) is provided within the paper for reproducing dataset partitioning into training, validation, and testing sets. |
| Hardware Specification | Yes | We conduct all experiments on two Ubuntu 18.04 servers having different GPUs. One has four NVIDIA Ge Force RTX 2080 Ti GPUs with 11GB memory (dubbed RTX 2080Ti ) and the another has three NVIDIA Tesla V100 GPUs with 32GB memory (dubbed V100 ). |
| Software Dependencies | No | The paper mentions software like 'Py Torch' and 'Opacus' but does not provide specific version numbers for these software components or libraries, which are necessary for reproducible dependency descriptions. |
| Experiment Setup | Yes | Specifically, we use the SGD optimizer with momentum 0.9, weight decay of 5 10 4, and an initial learning rate of 0.1. The batch size is set to 128 and we train the Res Net-18 model 200 epochs. The learning rate is decreased by a factor of 10 at epoch 100 and 150, respectively. For the self-supervised training, we use the stochastic gradient descent (SGD) optimizer with a momentum of 0.9, an initial learning rate of 0.4, and a weight decay factor of 5 10 4. We use a batch size of 512, and train the backbone for 1,000 epochs. |