Notice: The reproducibility variables underlying each score are classified using an automated LLM-based pipeline, validated against a manually labeled dataset. LLM-based classification introduces uncertainty and potential bias; scores should be interpreted as estimates. Full accuracy metrics and methodology are described in [1].
Post-Training Detection of Backdoor Attacks for Two-Class and Multi-Attack Scenarios
Authors: Zhen Xiang, David Miller, George Kesidis
ICLR 2022 | Venue PDF | LLM Run Details
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | The excellent performance of our method is demonstrated on six benchmark datasets. Notably, our detection framework is also applicable to multi-class scenarios with multiple attacks. Code is available at https://github.com/zhenxianglance/2Class BADetection. |
| Researcher Affiliation | Academia | Zhen Xiang, David J. Miller & George Kesidis School of EECS Pennsylvania State University EMAIL |
| Pseudocode | Yes | Algorithm 1 BA detection using ET statistics. |
| Open Source Code | Yes | Code is available at https://github.com/zhenxianglance/2Class BADetection. |
| Open Datasets | Yes | Our experiments involve six common benchmark image datasets with a variety of image size and color scale: CIFAR-10, CIFAR-100 Krizhevsky (2012), STL-10 Coates et al. (2011), Tiny Image Net, FMNIST Xiao et al. (2017), MNIST Lecun et al. (1998). All the datasets are associated with the torchvision package, except for that STL-10 is downloaded from the of๏ฌcial website https://cs.stanford. edu/ acoates/stl10/. |
| Dataset Splits | No | The paper mentions using "the original train-test split" for datasets but does not explicitly describe a separate validation split or its percentages/counts. It states: "For each generated 2-class domain, we use the subset of data associated with these two (super) classes from the original dataset, with the original train-test split." (Apdx D.2) |
| Hardware Specification | Yes | Execution time is measured on a dual card RTX2080-Ti (11GB) GPU. |
| Software Dependencies | No | The paper mentions software components like 'torchvision package', 'Adam', 'stochastic gradient descent (SGD)', but does not provide specific version numbers for these dependencies. |
| Experiment Setup | Yes | In Tab. 6, we show the training details including learning rate, batch size, number of epochs, whether or not using training data augmentation, choice of optimizer (Adam D. P. Kingma (2015) or stochastic gradient descent (SGD)) for 2-class domains generated from CIFAR-10, CIFAR-100, STL-10, Tiny Image Net, FMNIST, and MNIST, respectively. Table 6 provides specific values for these parameters. |