Mind Control through Causal Inference: Predicting Clean Images from Poisoned Data
Authors: Mengxuan Hu, Zihan Guan, Yi Zeng, Junfeng Guo, Zhongliang Zhou, Jielu Zhang, Ruoxi Jia, Anil Vullikanti, Sheng Li
ICLR 2025
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | Extensive experiments demonstrate that our model can effectively and robustly recover the original true labels of backdoored images, without compromising clean accuracy. Our code can be found at https://github.com/xuanxuan03021/BKD_ICLR. Table 1 compares our method MCCI with other defense baselines across various backdoor attacks on two datasets. |
| Researcher Affiliation | Collaboration | 1University of Virginia 2Virginia Tech 3University of Maryland, College Park 4Merck & Co., Inc. 5University of Georgia |
| Pseudocode | Yes | Algorithm 1: Mind Control Through Causal Inference (MCCI) |
| Open Source Code | Yes | Our code can be found at https://github.com/xuanxuan03021/BKD_ICLR. |
| Open Datasets | Yes | Following (Guo et al., 2023a; Gao et al., 2019; Li et al., 2021a), we choose two widely-adopted datasets for evaluating the effectiveness of our proposed method: CIFAR-10 (Krizhevsky, 2009) and ImageNet-subset (Deng et al., 2009). |
| Dataset Splits | Yes | The details of the dataset are given in Table 5 (Statistical information about the Datasets): CIFAR-10 — image size 32×32×3, 50,000 training samples, 10,000 testing samples, 10 classes; ImageNet-Subset — image size 224×224×3, 9,469 training samples, 3,925 testing samples, 10 classes. |
| Hardware Specification | No | The paper does not provide specific hardware details (exact GPU/CPU models, processor types with speeds, memory amounts, or detailed computer specifications) used for running its experiments. |
| Software Dependencies | No | The paper mentions specific tools and models like 'open-sourced backdoor learning toolbox (Li et al., 2023)', 'ViT', 'CLIP', 'BLIP', 'ResNet-18', 'EfficientNet', but does not provide specific version numbers for any software dependencies (e.g., Python, PyTorch, TensorFlow, CUDA). |
| Experiment Setup | Yes | We use an initial learning rate of 0.1, decreased by a factor of 10 at epochs 30, 60, and 90; training runs for 100 epochs with a batch size of 128 and a weight decay of 1e-4 for the defense model against all attack baselines. |
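The reported training schedule (initial learning rate 0.1, decayed by 10× at epochs 30, 60, and 90 over 100 epochs) can be sketched as follows. This is a minimal pure-Python illustration of the step schedule only; the paper does not specify the optimizer or scheduler implementation, so the function name and defaults here are illustrative (in PyTorch this would typically be `torch.optim.lr_scheduler.MultiStepLR`).

```python
def lr_at_epoch(epoch, base_lr=0.1, milestones=(30, 60, 90), gamma=0.1):
    """Learning rate in effect during a given epoch under a step-decay
    schedule: start at base_lr and multiply by gamma at each milestone."""
    lr = base_lr
    for m in milestones:
        if epoch >= m:
            lr *= gamma
    return lr

# Schedule over the 100 reported training epochs:
schedule = [lr_at_epoch(e) for e in range(100)]
# epochs 0-29 train at 0.1, 30-59 at ~0.01, 60-89 at ~0.001, 90-99 at ~0.0001
```

The batch size of 128 and weight decay of 1e-4 reported above would be supplied to the data loader and optimizer, respectively, rather than to this schedule.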