This a Pytorch implementation of our paper "Backdoor Defense via Decoupling the Training Process".
Table of Contents:
We recommend conda as the package manager to setup the environment used in our experiments. Create
the environment dbd from the environment.yml file and activate it:
conda env create -f environment.yml && conda activate dbd
Download CIFAR-10 dataset from its official
website and extract it to dataset_dir
specified in the YAML configuration files.
Note: Make sure dataset_dir contains the sub-string cifar.
Create saved_dir and storage_dir specified in the YAML configuration
files to save logs and checkpoints respectively:
mkdir saved_data && mkdir storage
We give examples to compare the standard supervised training (No Defense) and DBD on CIFAR-10 dataset under BadNets attack with ResNet-18. Other settings can also be found in the YAML configuration files. Please have an overview before running the codes.
Run the following script to train a backdoored model:
python supervise.py --config config/supervise/badnets/cifar10_resnet18/example.yaml \
--resume False \
--gpu 0
-
Self-Supervised Learning
Run the following script to train a purified feature extractor:
python simclr.py --config config/defense/simclr/badnets/cifar10_resnet18/example.yaml \ --resume False \ --gpu 0 -
Semi-Supervised Fine-tuning
Run the following script to finetune a clean model:
python mixmatch_finetune.py --config config/defense/mixmatch_finetune/badnets/cifar10_resnet18/example.yaml \ --resume False \ --gpu 0
We provide pretrained models here.
Run the following script to test No Defense under BadNets attack:
python test.py --config config/supervise/badnets/cifar10_resnet18/example.yaml \
--ckpt-dir checkpoint/supervise/badnets/cifar10_resnet18/example \
--resume latest_model.pt \
--gpu 0
Run the following script to test DBD under BadNets attack:
python test.py --config config/supervise/badnets/cifar10_resnet18/example.yaml \
--ckpt-dir checkpoint/defense/mixmatch_finetune/badnets/cifar10_resnet18/example \
--resume latest_model.pt \
--gpu 0
Run the following script to test No Defense under Blended attack:
python test.py --config config/supervise/blend/cifar10_resnet18/example.yaml \
--ckpt-dir checkpoint/supervise/blend/cifar10_resnet18/example \
--resume latest_model.pt \
--gpu 0
Run the following script to test DBD under Blended attack:
python test.py --config config/supervise/blend/cifar10_resnet18/example.yaml \
--ckpt-dir checkpoint/defense/mixmatch_finetune/blend/cifar10_resnet18/example \
--resume latest_model.pt \
--gpu 0
| Method | BadNets BA (%) | BadNets ASR (%) | Blended BA (%) | Blended ASR (%) |
|---|---|---|---|---|
| No Defense | 95.13 | 100 | 94.26 | 98.15 |
| DBD | 92.50 | 0.88 | 92.60 | 0.31 |
Our codes is released under GNU General Public License v3.0.
If our work or this repo is useful for your research, please cite our paper as follows:
@inproceedings{huang2022backdoor,
title={Backdoor Defense via Decoupling the Training Process},
author={Kunzhe Huang, Yiming Li, Baoyuan Wu, Zhan Qin and Kui Ren},
booktitle={ICLR},
year={2022}
}