Source code for the ICDM paper "HINT: Healthy Influential-Noise based Training to Defend against Data Poisoning Attacks"

minhhao97vn/HINT

Accepted as a regular paper at IEEE ICDM 2023, Shanghai, China.

Code base

Part of our code is inspired by Nimarb's implementation.

The implementation uses Python 3.9 with PyTorch. To install the dependencies for this source code:

pip install -r requirements.txt

This source code contains the Python implementation of the HINT method as well as pretrained models and poisoned data.

  • Pretrained models used for the transfer learning scenarios are in the pretrained_victim folder.
  • Poisoned data files are in the poison folder.
  • Due to the limit, we do not upload the pretrained models and poisoned data. If you are interested in these files, please download them from https://tinyurl.com/46z9t8bt
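The poisoned data files used below are pickle-based (.pkl) and come from an external download, and unpickling runs whatever imports and calls the stream encodes. The following added example (not part of this repository) lists the globals a raw pickle stream would import without loading it; the allow-list, function names and sample payloads are assumptions constructed for illustration.

```python
import pickle
import pickletools
from collections import OrderedDict, deque

# Assumed allow-list for array-style data files; adjust to what the loader really needs.
ALLOWED = {
    ("collections", "OrderedDict"),
    ("numpy", "ndarray"),
    ("numpy", "dtype"),
    ("numpy.core.multiarray", "_reconstruct"),
}
STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"}
MEMO_OPS = {"MEMOIZE", "PUT", "BINPUT", "LONG_BINPUT"}


def referenced_globals(data: bytes) -> set:
    """Return (module, name) pairs a pickle stream would import, without loading it."""
    found = set()
    recent = deque(maxlen=2)  # last two stack pushes: str arg, or None if not a string
    for op, arg, _pos in pickletools.genops(data):
        if op.name in MEMO_OPS:
            continue  # memo writes do not change the stack
        if op.name in ("GLOBAL", "INST"):
            module, name = arg.split(" ", 1)
            found.add((module, name))
        elif op.name == "STACK_GLOBAL":
            if len(recent) == 2 and all(isinstance(s, str) for s in recent):
                found.add(tuple(recent))
            else:
                found.add(("<unresolved>", "<unresolved>"))  # treat as disallowed
        recent.append(arg if op.name in STRING_OPS else None)
    return found


def disallowed_globals(data: bytes, allowed=ALLOWED) -> list:
    """Sorted list of referenced globals that are not on the allow-list."""
    return sorted(referenced_globals(data) - set(allowed))


def scan_file(path: str) -> list:
    """Scan a raw pickle file on disk; an empty list means only allow-listed imports."""
    with open(path, "rb") as fh:
        return disallowed_globals(fh.read())


# Constructed samples (never unpickled here).
PLAIN = pickle.dumps({"images": [[0, 1], [2, 3]], "labels": [6, 0]}, protocol=4)
ORDERED = pickle.dumps(OrderedDict(a=1), protocol=4)
CALLABLE_REF = pickle.dumps(len, protocol=4)  # references builtins.len
```

A non-empty result from scan_file means the file references something outside the allow-list and should be reviewed before it is passed to a loader.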

Running experiments

CIFAR-10

Use train_with_HIN_cifar10.py to run experiments with the CIFAR-10 dataset.

For example, use the following command to train ResNet-18 with HINT in the from-scratch scenario. The attack is MetaPoison.

python train_with_HIN_cifar10.py --seed 311113 --gpu_id 3 --no_benign --scenario "scratch" --gamma 0.1 --no_sign --hin_schedule "5,15,40" --poison_path 'poison/CIFAR10/metapoison-dataset-resnet-frogplane-2.pkl'

In the transfer learning scenario, use the following command:

python train_with_HIN_cifar10.py --seed 211112 --gpu_id 3 --no_benign --scenario "transfer" --gamma 0.1 --hin_schedule "5,15,40" --poison_path 'poison/CIFAR10/poisonfrogs_trial_3_poisons_packed_2023-05-01.pkl' --pretrained_model 'saved_models/ResNet18_CIFAR10_80eps_subset_poisonfrogs_trial_s211113.pth'

MNIST

Use train_with_HIN_mnist.py to run experiments with the MNIST dataset.

For example, use the following command to train a CNN with HINT in the from-scratch scenario. The attack ratio \rho is 0.6.

python train_with_HIN_mnist.py --no_benign --gamma 0.1 --hin_schedule "9" --poison_path 'poison/MNIST/mnist_eps_0.3_mixed_poison_clean_23600_pgd_8850_p1_8850_p5_8850_DC_8850.pt' --ratio 0.5 --seed 611116 --gpu_id 1

For other defense baselines

FRIENDS

We use and follow the implementation from FRIENDS

ATDA

We use and follow the implementation from ATDA

EPIC

We use and follow the implementation from EPIC

Crafting poisoning data

MetaPoison

We use poisoned examples generated by MetaPoison to do the experiments.

Gradient Matching, Bullseye Polytope and Feature Collision

We use the implementation from poisoning-gradient-matching to craft poisoned data.
