Skip to content

MadryLab/rethinking-backdoor-attacks

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
README.md
README.md
 
 
aggregate_scores.py
aggregate_scores.py
 
 
compute_scores.py
compute_scores.py
 
 
env.yml
env.yml
 
 
init_store.py
init_store.py
 
 
run.sh
run.sh
 
 

Repository files navigation

Code for "Rethinking Backdoor Attacks"

Presented at ICML 2023. Cite paper as:

@inproceedings{khaddaj2023rethinking,
    title = {Rethinking Backdoor Attacks},
    author = {Alaa Khaddaj and Guillaume Leclerc and Aleksandar Makelov and Kristian Georgiev and Hadi Salman and Andrew Ilyas and Aleksander Madry},
    booktitle = {ICML},
    year = {2023},
}

Getting started

This repository implements the maximum-sum submatrix subroutine from our backdoor defense. To use it:

  1. Clone the repo

  2. Install our code dependencies

        conda env create -f env.yml -y
    conda activate poisenv

  3. Copy your datamodel matrix in the folder (or specify its path using DM_PATH variable in run.sh script). To compute the datamodel matrix, you can check the datamodel repo.

  4. Run the bash script run.sh. The resulting output to analyze will be saved in ./results/scores/sample_scores.npy file. Each index value in the array is the score of the target example returned by our algorithm. The inputs with the highest scores will be flagged as backdoored.

About

arxiv.org/abs/2307.10163

Topics

backdoor-attacks poisoning-attacks data-attribution

Resources

Readme
Activity
Custom properties

Stars

16 stars

Watchers

3 watching

Forks

0 forks
Report repository

Languages