Circumventing Backdoor Space via Weight Symmetry
Authors: Jie Peng, Hongwei Yang, Jing Zhao, Hengji Dong, Hui He, Weizhe Zhang, Haoyu He
ICML 2025
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | Experiments demonstrate that TSC achieves robust performance comparable to state-of-the-art methods in supervised learning scenarios. Furthermore, TSC generalizes to self-supervised learning frameworks, such as SimCLR and CLIP, maintaining its strong defense capabilities. Our code is available at https://github.com/JiePeng104/TSC. [...] 5. Experiments 5.1. Experimental Settings 5.2. Results for Supervised Learning 5.3. Results for Self-supervised Learning 5.4. Resistance to Potential Adaptive Attacks 5.5. Ablation Studies |
| Researcher Affiliation | Academia | 1School of Cyberspace Science, Harbin Institute of Technology, Harbin, China. 2Pengcheng Laboratory, Shenzhen, China. 3Department of Data Science and AI, Faculty of IT, Monash University, Melbourne, Australia. Correspondence to: Hui He <EMAIL>. |
| Pseudocode | Yes | We give the pseudocode in Algorithm 1. [...] Algorithm 1 Two-stage Symmetry Connectivity [...] Algorithm 2 PERMUTELAYERS (Compute Permutation Matrices for Layer Alignment/Un-alignment) [...] Algorithm 3 FITQUADCURVE (Train Quadratic Bézier Curve) [...] Algorithm 4 Adaptive Attack against TSC |
| Open Source Code | Yes | Our code is available at https://github.com/JiePeng104/TSC. |
| Open Datasets | Yes | Experiments on CIFAR10 (Krizhevsky, 2009), GTSRB (Houben et al., 2013), and ImageNet100 (Deng et al., 2009) under supervised learning [...] evaluating ACC and ASR through linear probing (Alain & Bengio, 2017) on downstream datasets STL10 (Coates et al., 2011), GTSRB, and SVHN (Netzer et al., 2011). [...] The entire MS-COCO dataset (Lin et al., 2014). |
| Dataset Splits | Yes | We consider eleven typical backdoor attacks, including eight label-flipping attacks (BadNet (Gu et al., 2017), Blended (Chen et al., 2017), SSBA (Li et al., 2021c), LF (Zeng et al., 2021), WaNet (Nguyen & Tran, 2021), Input-aware (Nguyen & Tran, 2020), SBL (Pham et al., 2024) and SAPA (He et al., 2024)) and three clean label attacks (LC (Turner et al., 2019), SIG (Barni et al., 2019) and Narcissus (Zeng et al., 2023)). These attacks are conducted on CIFAR10 (Krizhevsky, 2009) using PreAct-ResNet18 (He et al., 2016a) and ImageNet100 (Deng et al., 2009) using ResNet50 (He et al., 2016b) with various poisoning rates. [...] We provide all defenses with 5% of the clean training dataset, except for the defenses for the CLIP model. [...] For SimCLR, we utilize publicly available backdoored ResNet18 and ResNet50 encoders on CIFAR10 and ImageNet, respectively, evaluating ACC and ASR through linear probing (Alain & Bengio, 2017) on downstream datasets STL10 (Coates et al., 2011), GTSRB, and SVHN (Netzer et al., 2011). |
| Hardware Specification | Yes | All experiments were run on one Ubuntu 18.04 server equipped with four NVIDIA RTX V100 GPUs. |
| Software Dependencies | No | Our deep learning training algorithm is implemented using PyTorch. All experiments were run on one Ubuntu 18.04 server equipped with four NVIDIA RTX V100 GPUs. |
| Experiment Setup | Yes | We employed the stochastic gradient descent (SGD) optimization method with a batch size of 256. We set the initial learning rate to 0.01 and decayed it using the cosine annealing strategy (Loshchilov & Hutter, 2016). For the CIFAR-10 and GTSRB datasets, we trained for a total of 100 epochs. In the case of the ImageNet100 dataset, we trained for 200 epochs. [...] For TSC, we set the global epoch E_TSC = 3, curve index t = 0.4, and curve training epoch e = 200. |