Input-Aware Dynamic Backdoor Attack
Authors: Tuan Anh Nguyen, Anh Tran
NeurIPS 2020 | Conference PDF | Archive PDF | Plain Text | LLM Run Details
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | Experiments show that our method is efficient in various attack scenarios as well as multiple datasets. We further demonstrate that our backdoor can bypass the state of the art defense methods. An analysis with a famous neural network inspector again proves the stealthiness of the proposed attack. Our code is publicly available. |
| Researcher Affiliation | Collaboration | Tuan Anh Nguyen1,2, Tuan Anh Tran1,3 1Vin AI Research, 2Hanoi University of Science and Technology, 3Vin University |
| Pseudocode | Yes | Algorithm 1 illustrates the training pipeline of our input-aware backdoor attack. |
| Open Source Code | Yes | Our code is publicly available. |
| Open Datasets | Yes | Following the previous backdoor papers, we conducted experiments on the MNIST [18], CIFAR-10 [19] and GTSRB [20] datasets. |
| Dataset Splits | No | The paper mentions a '#Train. Images' count in Table 1 for each dataset (e.g., 60000 for MNIST, 50000 for CIFAR-10, 39252 for GTSRB) and refers to 'testing sets' for evaluation. However, it does not explicitly provide percentages or absolute counts for specific training, validation, and test splits for reproducibility beyond just the training set size. |
| Hardware Specification | No | The paper mentions 'expensive computing hardwares' in general terms but does not provide specific details such as GPU models (e.g., NVIDIA A100), CPU models, or memory specifications used for their experiments. |
| Software Dependencies | No | The paper mentions using SGD and Adam optimizers and that the CIFAR-10 and GTSRB classifiers used Pre-activation Resnet-18, referencing 'pytorch-cifar' [21]. However, it does not explicitly provide specific version numbers for software libraries or frameworks like PyTorch, CUDA, or Python itself. |
| Experiment Setup | Yes | We use the SGD optimizer for training classifier f, and Adam optimizer for training generator g with the same learning rate 0.01. This rate drops 10 times after every 100 epochs. The networks are jointly trained until converged. We use λdiv = 1 and ρb = ρc = 0.1 in our experiments. |