Effective Backdoor Defense by Exploiting Sensitivity of Poisoned Samples
Authors: Weixin Chen, Baoyuan Wu, Haoqian Wang
NeurIPS 2022
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | Extensive results on three benchmark datasets demonstrate the superior defense performance against eight types of backdoor attacks, compared to state-of-the-art backdoor defenses. Codes are available at: https://github.com/SCLBD/Effective_backdoor_defense. |
| Researcher Affiliation | Academia | Weixin Chen¹, Baoyuan Wu², Haoqian Wang¹; ¹Tsinghua Shenzhen International Graduate School, Tsinghua University; ²School of Data Science, Shenzhen Research Institute of Big Data, The Chinese University of Hong Kong, Shenzhen |
| Pseudocode | Yes | More details are in Algorithm 1 in Appendix A.1 |
| Open Source Code | Yes | Codes are available at: https://github.com/SCLBD/Effective_backdoor_defense. |
| Open Datasets | Yes | We evaluate all attacks on 3 benchmark datasets, CIFAR-10 [3], CIFAR-100 [3] and an ImageNet subset [33, 9], with ResNet-18 [34] as the base model. |
| Dataset Splits | No | The paper references using 'Dtrain' for training and evaluates 'Test ACC' and 'Test ASR', but does not explicitly state the dataset split percentages (e.g., train/validation/test percentages or counts) within the main text. |
| Hardware Specification | No | The paper does not provide specific details about the hardware used for experiments, such as GPU or CPU models. |
| Software Dependencies | No | The paper does not provide specific software dependency versions (e.g., library names with version numbers) required to replicate the experiments. |
| Experiment Setup | Yes | Poisoning rate is set to 10% in all attacks. For our proposed methods, we use αc = 20%, αp = 5% and τ = rotate+affine in all experiments. Other details can be seen in Appendix C.5. (See the sketch after this table.) |
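
For orientation, below is a minimal sketch of how the reported settings (poisoning rate 10%, αc = 20%, αp = 5%, τ = rotate+affine) might be wired together in PyTorch. The transformation magnitudes, the feature-distance scoring function, and all helper names are assumptions made here for illustration, not the authors' implementation; the actual code is in the linked repository and Algorithm 1 of the paper.

```python
# Hedged sketch (not the authors' code): wires together the hyperparameters
# reported in the experiment setup. Transformation magnitudes and the
# sensitivity-scoring function are placeholders.
import torch
import torchvision.transforms as T
from torchvision.models import resnet18

# Settings quoted from the paper.
POISON_RATE = 0.10   # 10% of training samples are poisoned by the attack
ALPHA_C = 0.20       # alpha_c: fraction of samples treated as clean
ALPHA_P = 0.05       # alpha_p: fraction of samples treated as poisoned

# tau = rotate + affine; the exact magnitudes are not stated in this table,
# so the values below are assumptions.
tau = T.Compose([
    T.RandomRotation(degrees=15),
    T.RandomAffine(degrees=0, translate=(0.1, 0.1)),
])

def sensitivity_score(model: torch.nn.Module, x: torch.Tensor) -> torch.Tensor:
    """Feature distance between a batch and its tau-transformed version.

    The intuition from the paper is that poisoned samples are more
    sensitive to such transformations than clean ones, so larger
    distances suggest poisoning (details are in Algorithm 1, Appendix A.1).
    """
    model.eval()
    with torch.no_grad():
        feats = model(x)          # features of the original batch
        feats_t = model(tau(x))   # features of the transformed batch
    return torch.norm(feats - feats_t, dim=1)

# Example: score a random CIFAR-10-shaped batch with a ResNet-18 backbone
# (classifier head replaced so the output is the penultimate feature vector).
backbone = resnet18(num_classes=10)
backbone.fc = torch.nn.Identity()
scores = sensitivity_score(backbone, torch.randn(8, 3, 32, 32))
```

In such a setup, the αc fraction of lowest-scoring samples and the αp fraction of highest-scoring samples would be used as the trusted clean and suspected poisoned subsets, respectively; how those subsets are then used for training is specified in the paper, not here.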