COMBAT: Alternated Training for Effective Clean-Label Backdoor Attacks
Authors: Tran Huynh, Dang Nguyen, Tung Pham, Anh Tran
AAAI 2024 | Conference PDF | Archive PDF | Plain Text | LLM Run Details
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | Our backdoor attacks can reach near-perfect attack success rates and bypass all state-of-the-art backdoor defenses, as illustrated via comprehensive experiments on standard benchmark datasets. Our code is available at https://github.com/Vin AIResearch/COMBAT. |
| Researcher Affiliation | Collaboration | Tran Huynh1, Dang Nguyen1, 2, Tung Pham1, Anh Tran1 1Vin AI Research 2University of Maryland v.tranhn2@vinai.io, dangmn@umd.edu, v.tungph4@vinai.io, v.anhtt152@vinai.io |
| Pseudocode | Yes | Algorithm 1: COMBAT |
| Open Source Code | Yes | Our code is available at https://github.com/Vin AIResearch/COMBAT. |
| Open Datasets | Yes | We use three popular datasets, namely CIFAR-10 (Krizhevsky, Hinton et al. 2009), Image Net-10, and Celeb A (Liu et al. 2015), for our experiments. |
| Dataset Splits | No | The paper mentions training data and test data but does not explicitly provide details about a validation set split (e.g., percentages or counts). |
| Hardware Specification | No | The paper does not provide specific details about the hardware (e.g., GPU model, CPU type, memory) used for running the experiments. |
| Software Dependencies | No | The paper mentions models and optimizers (e.g., U-Net, SGD optimizer) but does not provide specific version numbers for software libraries or dependencies (e.g., Python, PyTorch, TensorFlow). |
| Experiment Setup | Yes | Models are trained for 200 epochs using SGD optimizer. We use a batch size of 128 for CIFAR-10 and Celeb A and 32 for Image Net-10. The initial learning rate is set to 0.01 for CIFAR-10 and Celeb A, and 0.001 for Image Net-10, which is decreased tenfold at epoch 100 and 150. [...] We set λℓ2 and λd as 0.02 and 0.8, respectively. For the high-frequency removal tricks, we choose ratio r = 0.65 and use Gaussian blur filter with kernel size of 3 and standard deviation σ uniformly sampled from [0.1, 1]. |