Neural Polarizer: A Lightweight and Effective Backdoor Defense via Purifying Poisoned Features
This is the official MindSpore implementation of "Neural Polarizer: A Lightweight and Effective Backdoor Defense via Purifying Poisoned Features" (NeurIPS 2023).
Requirements
See the file mindspore.yaml.
Datasets and state-of-the-art backdoor attack and defense methods
We evaluate our method on the CIFAR-10, Tiny ImageNet, and GTSRB datasets. For CIFAR-10, the dataset is downloaded automatically. We follow BackdoorBench for the implementation of SOTA attack and defense methods.
Running the code
Before running the defense method, a backdoored model must be generated first. We provide scripts for the defense on the CIFAR-10 dataset.
Step 1: Prepare a poisoned dataset
python attack/data_poison.py
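As a rough illustration of what this poisoning step does, the sketch below stamps a patch trigger onto a subset of training images and relabels them to a target class. It is a minimal BadNets-style example, not the repository's actual data_poison.py; the trigger shape, poisoning rate, and target label are assumptions.

import numpy as np

def poison_dataset(images, labels, target_label=0, poison_rate=0.1, patch_size=3):
    # Stamp a white square trigger into the bottom-right corner of a random
    # subset of images and relabel them to the attacker's target class.
    # Assumes uint8 images in HWC layout (e.g., CIFAR-10: 32x32x3).
    images, labels = images.copy(), labels.copy()
    n_poison = int(len(images) * poison_rate)
    idx = np.random.choice(len(images), n_poison, replace=False)
    images[idx, -patch_size:, -patch_size:, :] = 255
    labels[idx] = target_label
    return images, labels, idx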
Step 2: Train a backdoored model
python attack/train_backdoor.py
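Training on the poisoned set is standard supervised training in MindSpore. The sketch below is illustrative only: the placeholder network, the hyperparameters, and the poisoned_train_ds dataset object are assumptions, not the settings used by train_backdoor.py.

import mindspore as ms
from mindspore import nn

# Placeholder network; the repository presumably trains a larger model (e.g., a ResNet).
net = nn.SequentialCell(
    nn.Conv2d(3, 32, 3), nn.ReLU(),
    nn.Conv2d(32, 64, 3), nn.ReLU(),
    nn.AdaptiveAvgPool2d(1), nn.Flatten(),
    nn.Dense(64, 10),
)
loss_fn = nn.SoftmaxCrossEntropyWithLogits(sparse=True, reduction='mean')
optimizer = nn.SGD(net.trainable_params(), learning_rate=0.01, momentum=0.9, weight_decay=5e-4)
model = ms.Model(net, loss_fn, optimizer, metrics={'accuracy'})
# poisoned_train_ds: a MindSpore dataset built from the poisoned data of Step 1
# (e.g., via mindspore.dataset.NumpySlicesDataset), yielding float32 NCHW images.
model.train(100, poisoned_train_ds)
ms.save_checkpoint(net, 'backdoored_model.ckpt')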
Step 3: Run the defense
python defense/npd.py
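Conceptually, the defense plugs a lightweight learnable layer (the neural polarizer) into the frozen backdoored model and trains only that layer on a small clean set, so that trigger-related features are filtered out while benign features pass through. Below is a minimal MindSpore sketch of where such a layer sits; the 1x1 convolution + batch-norm form, the split point, and the class names are simplifications and assumptions, not the exact construction in defense/npd.py.

from mindspore import nn

class NeuralPolarizer(nn.Cell):
    # A lightweight learnable linear transform (here a 1x1 convolution followed
    # by batch normalization) inserted between two parts of the frozen model.
    def __init__(self, channels):
        super().__init__()
        self.conv = nn.Conv2d(channels, channels, kernel_size=1, has_bias=False)
        self.bn = nn.BatchNorm2d(channels)

    def construct(self, x):
        return self.bn(self.conv(x))

class DefendedModel(nn.Cell):
    # Wraps a backdoored model split into `front` and `back` sub-networks and
    # purifies the intermediate features with the polarizer; only the polarizer
    # is left trainable.
    def __init__(self, front, back, channels):
        super().__init__()
        self.front, self.back = front, back
        self.polarizer = NeuralPolarizer(channels)
        for p in self.front.trainable_params() + self.back.trainable_params():
            p.requires_grad = False

    def construct(self, x):
        return self.back(self.polarizer(self.front(x)))

Only the polarizer parameters would then be optimized on a small clean subset; the paper's actual objective is a bi-level formulation that additionally suppresses trigger features, which this sketch does not reproduce.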
If you use this paper or code in your research, please consider citing us:
@inproceedings{zhu2023neural,
title={Neural Polarizer: A Lightweight and Effective Backdoor Defense via Purifying Poisoned Features},
author={Zhu, Mingli and Wei, Shaokui and Zha, Hongyuan and Wu, Baoyuan},
booktitle={Thirty-seventh Conference on Neural Information Processing Systems},
year={2023},
url={https://openreview.net/forum?id=VFhN15Vlkj}
}
Acknowledgment
Our project references the code in the following repos.