Does Few-Shot Learning Suffer from Backdoor Attacks?
Authors: Xinwei Liu, Xiaojun Jia, Jindong Gu, Yuan Xun, Siyuan Liang, Xiaochun Cao
AAAI 2024 | Conference PDF | Archive PDF | Plain Text | LLM Run Details
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | We first explore this topic by first evaluating the performance of the existing backdoor attack methods on few-shot learning scenarios... Our method demonstrates a high Attack Success Rate (ASR) in FSL tasks with different few-shot learning paradigms while preserving clean accuracy and maintaining stealthiness. Extensive experiments are conducted to verify the effectiveness of our method across different few-shot learning methods and tasks. |
| Researcher Affiliation | Academia | 1SKLOIS, Institute of Information Engineering, CAS, Beijing, China 2School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China 3Nanyang Technological University, Singapore 4University of Oxford, UK 5School of Computing, National University of Singapore, Singapore 6School of Cyber Science and Technology, Shenzhen Campus, Sun Yat-sen University, Shenzhen, China |
| Pseudocode | No | The proposed method consists of four steps, and the framework is illustrated in Figure 2. |
| Open Source Code | No | We refer to the Lib Few Shot open-resource code 1 to build the pre-trained embedding models and follow their settings of parameters. 1https://github.com/RL-VIG/Lib Few Shot |
| Open Datasets | Yes | Following the literature (Li et al. 2022a), our few-shot learning experiments are mainly conducted on mini Image Net (Vinyals et al. 2016). |
| Dataset Splits | No | In the training stage, we always record the model which obtains the best performance on the validation set and evaluate it on the testing set in the test stage. |
| Hardware Specification | No | The paper does not provide specific hardware details like GPU/CPU models or memory specifications used for experiments. |
| Software Dependencies | No | We refer to the Lib Few Shot open-resource code 1 to build the pre-trained embedding models and follow their settings of parameters... Moreover, we all adopt Res Net12 as their embedding backbones. |
| Experiment Setup | Yes | For the attacks, we adopt a 16 16 mask as a mask of the trigger pattern. In the trigger generation phase, we set the step size as 2, and iterations as 100. For the attractive and repulsive perturbation generation, we set the step size as 2, iteration as 80, and we empirically set the L norm bound ε as 8/255, which is imperceptible by human eyes. The balance parameters λ1 and λ2 are initially set as 1.5, 1.5. |