Trigger Hunting with a Topological Prior for Trojan Detection
Authors: Xiaoling Hu, Xiao Lin, Michael Cogswell, Yi Yao, Susmit Jha, Chao Chen
ICLR 2022 | Conference PDF | Archive PDF | Plain Text | LLM Run Details
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | We evaluate our method on both synthetic datasets and publicly available Troj AI benchmarks. We provide quantitative and qualitative results, followed by ablation studies, to demonstrate the efficacy of the proposed method. |
| Researcher Affiliation | Collaboration | Xiaoling Hu Stony Brook University Xiao Lin, Michael Cogswell, Yi Yao & Susmit Jha SRI International Chao Chen Stony Brook University |
| Pseudocode | No | The paper describes the proposed method but does not include any explicit pseudocode or algorithm blocks. |
| Open Source Code | No | The paper does not provide a direct link to its own source code, nor does it explicitly state that its code is open-source or available. |
| Open Datasets | Yes | Synthetic datasets (Trojaned-MNIST and Trojaned-CIFAR10): We adopt the codes provided by NIST2 to generate 200 DNNs (50% of them are Trojaned) trained to classify MNIST and CIFAR10 data, respectively. ... Troj AI benchmarks (Troj AI-Round1, Round2, Round3 and Round4): These datasets are provided by US IARPA/NIST3, who recently organized a Trojan AI competition." Footnote 2: "https://github.com/trojai/trojai" Footnote 3: "https://pages.nist.gov/trojai/docs/data.html" |
| Dataset Splits | Yes | For each fold, we use 80% of the models for training, 10% for validation, and the rest 10% for testing. |
| Hardware Specification | Yes | We implement our method on a server with an Intel(R) Xeon(R) Gold 6140 CPU @ 2.30GHz and 1 Tesla V100 GPUs (32GB Memory). |
| Software Dependencies | No | The paper mentions the use of the Adam optimizer but does not specify versions for any other software libraries, frameworks, or programming languages used in the implementation. |
| Experiment Setup | Yes | We set λ1 = 1, λ2 = 10 and NT = 3 for all our experiments... We train the detection network by optimizing cross entropy loss using the Adam optimizer (Kingma & Ba, 2014)... optimizer learning rate, weight decay and number of epochs are optimized using Bayesian hyperparameter search... For the Troj AI datasets, color filter reverse engineering is conducted using Adam optimizer with learning rate 3 10 2 for 10 iterations. Hyperparameters are set to λfilter 1 = 0.05 and λfilter 2 = 10 4. We also set NT = 2 and N filter T = 8. |