Generalization Bound and New Algorithm for Clean-Label Backdoor Attack
Authors: Lijia Yu, Shuang Liu, Yibo Miao, Xiao-Shan Gao, Lijun Zhang
ICML 2024 | Conference PDF | Archive PDF | Plain Text | LLM Run Details
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | In this section, we empirically validate the proposed backdoor attack on benchmark datasets CIFAR10, CIFAR100 (Krizhevsky et al., 2009), SVHN and Tiny Image Net(Le & Yang, 2015), and against popular defenses. We also conduct ablation experiments to verify our main Theorems 4.1 and 4.5. |
| Researcher Affiliation | Academia | 1Institute of Software, Chinese Academy of Sciences, Beijing 100190, China 2State Key Laboratory of Computer Science 3Academy of Mathematics and Systems Science, Chinese Academy of Sciences, Beijing 100190, China 4University of Chinese Academy of Sciences, Beijing 100049, China 5Kaiyuan International Mathematical Sciences Institute. |
| Pseudocode | Yes | Algorithm 1 provides detailed steps for creating the trigger, where is element-wise product. |
| Open Source Code | Yes | Code is in https://github.com/hong-xian/backdoor-attack.git. |
| Open Datasets | Yes | We empirically validate the proposed backdoor attack on benchmark datasets CIFAR10, CIFAR100 (Krizhevsky et al., 2009), SVHN and Tiny Image Net(Le & Yang, 2015), and against popular defenses. |
| Dataset Splits | No | The paper mentions training on a “training set” and evaluating on a “test set” but does not explicitly specify a validation set split (e.g., percentages or counts for training, validation, and test sets). |
| Hardware Specification | Yes | We do our experiments on Pytorch and GPU NVIDIA Ge Force RTX 3090. |
| Software Dependencies | No | The paper mentions “Pytorch” but does not provide a specific version number for Pytorch or any other software library or solver used in the experiments. |
| Experiment Setup | Yes | When we train victim network, we use SGD, we have 150 epochs in the training, the learning rate is 0.01, and reduce to 80% at 40-th,80-th, 120-th epochs, use weight decay 10^-4, momentum 0.9, each data in the training set will flip or randomly crop before inputting network in the training. |