WaNet - Imperceptible Warping-based Backdoor Attack
Authors: Tuan Anh Nguyen, Anh Tuan Tran
ICLR 2021
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | Our attack method achieves invisibility without sacrificing accuracy. It performs similarly to state-of-the-art backdoor methods in terms of clean and attack accuracy, verified on common benchmarks such as MNIST, CIFAR-10, GTSRB, and CelebA. Our attack is also undetectable by various backdoor defense mechanisms; none of existing algorithms can recognize or mitigate our backdoor. |
| Researcher Affiliation | Collaboration | ¹VinAI Research, ²Hanoi University of Science and Technology, ³VinUniversity |
| Pseudocode | No | The paper describes the process of their method using text and figures but does not include formal pseudocode or algorithm blocks. |
| Open Source Code | Yes | Our code is publicly available at https://github.com/VinAIResearch/Warping-based_Backdoor_Attack-release. |
| Open Datasets | Yes | Following the previous backdoor attack papers, we performed experiments on four datasets: MNIST (LeCun et al., 1998), CIFAR-10 (Krizhevsky et al., 2009), GTSRB (Stallkamp et al., 2012) and CelebA (Liu et al., 2015). |
| Dataset Splits | Yes | MNIST... This dataset consists of 70,000 grayscale, 28 × 28 images, divided into a training set of 60,000 images and a test set of 10,000 images. CIFAR-10... is divided into two subsets: a training set of 50,000 images and a test set of 10,000 images. GTSRB... It is divided into a training set of 39,209 images and a test set of 12,630. |
| Hardware Specification | Yes | We use a system of a GPU RTX 2080Ti and a CPU i7 9700K to conduct our experiment. |
| Software Dependencies | No | The paper mentions PyTorch for implementing W, but it does not specify a version number or list any other software dependencies with version numbers. |
| Experiment Setup | Yes | The initial learning rate was 0.01, which was reduced by a factor of 10 after each 100 training epochs. The networks were trained until convergence. We used k = 4, s = 0.5, ρa = 0.1, and ρn = 0.2. |