Deep Feature Space Trojan Attack of Neural Networks by Controlled Detoxification
Authors: Siyuan Cheng, Yingqi Liu, Shiqing Ma, Xiangyu Zhang (pp. 1148-1156)
AAAI 2021
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | We conduct extensive experiments on 9 image classifiers on various datasets including ImageNet to demonstrate these properties and show that our attack can evade state-of-the-art defense. |
| Researcher Affiliation | Academia | Siyuan Cheng¹, Yingqi Liu¹, Shiqing Ma², Xiangyu Zhang¹; ¹Purdue University, ²Rutgers University; cheng535@purdue.edu, liu1751@purdue.edu, sm2283@cs.rutgers.edu, xyzhang@cs.purdue.edu |
| Pseudocode | Yes | Algorithm 1 Compromised Neuron Identification |
| Open Source Code | Yes | It is available in the repository¹. ¹ https://github.com/Megum1/DFST |
| Open Datasets | Yes | Our evaluation is on 9 pre-trained classification systems: NiN, VGG, and ResNet32 on CIFAR-10 and GTSRB, VGG and ResNet50 on VGG-Face, and ResNet101 on ImageNet. We use a public weather dataset (specifically, sunrise weather) from kaggle (Gupta 2020). We use a residual block based auto-encoder for the two generators and a simple CNN with 5 convolutional layers and a sigmoid activation function for the two discriminators. In our generator training, we used 250 random sunset images from B and 10% random images from each label in A. (Gupta 2020) Weather-Dataset on Kaggle (Contains 4 classes such as cloudy, rain, shine and sunrise.). https://www.kaggle.com/rahul29g/weatherdataset/notebooks?sortBy=hotness&group=everyone&pageSize=20&datasetId=737827. (Accessed on 09/08/2020). |
| Dataset Splits | No | The paper mentions using a 'training dataset' and randomly selecting '200 test samples', but does not provide specific details on the percentages or absolute counts for training, validation, and test splits required for reproducibility. |
| Hardware Specification | Yes | Our experiments are conducted on GeForce RTX 2080 Ti. |
| Software Dependencies | No | The paper mentions various models and architectures like 'CycleGAN', 'Unet', and 'CNN' but does not specify any software libraries (e.g., TensorFlow, PyTorch, Keras) with their version numbers that were used for implementation or experimentation. |
| Experiment Setup | No | The paper mentions hyperparameters like 'λ and γ' (hyper-parameters for neuron identification), 'epoch' (for training feature injector), and 'lr' (learning rate), along with weights for loss functions (w1, w2, w3, w4) in its algorithms. However, it does not explicitly state the specific numerical values for any of these parameters. |