Giter VIP home page Giter VIP logo

hint's Introduction

Source code for the paper: HINT: Healthy Influential Noise-based Training to Defend against Data Poisoning Attacks

Accepted as regular paper at IEEE ICDM 2023, Shanghai, China.

Code base

Part of our code is inspired from Nimarb's Implementation

Implementation uses Python 3.9 version with Pytorch. To install dependencies for this source code:

pip install -r requirements.txt

This source code contains python implementation for HINT method as long as pretrained models and poisoned data.

  • Pretrained models used for transfer learning scenarios are in pretrained_victim folder.
  • Poisoned data files are in poison folder.
  • Due to the limit, we do not upload the pretrained models and poisoned data. If you are interested in these files, please download at https://tinyurl.com/46z9t8bt

Running experiments

CIFAR-10

Use train_with_HIN_cifar10.py to run experiments with CIFAR-10 dataset.

For examples: Use the following command to train ResNet-18 with HINT on from-scratch scenario. The attack is Meta Poison.

python train_with_HIN_cifar10.py --seed 311113 --gpu_id 3 --no_benign --scenario "scratch" --gamma 0.1 --no_sign --hin_schedule "5,15,40" --poison_path 'poison/CIFAR10/metapoison-dataset-resnet-frogplane-2.pkl'

On transfer learning scenario, use the following command:

python train_with_HIN_cifar10.py --seed 211112 --gpu_id 3 --no_benign --scenario "transfer" --gamma 0.1 --hin_schedule "5,15,40" --poison_path 'poison/CIFAR10/poisonfrogs_trial_3_poisons_packed_2023-05-01.pkl' --pretrained_model 'saved_models/ResNet18_CIFAR10_80eps_subset_poisonfrogs_trial_s211113.pth'

MNIST

Use train_with_HIN_mnist.py to run experiments with MNIST dataset.

For examples: Use the following command to train CNN with HINT on from-scratch scenario. The attack ratio \rho is 0.6.

python train_with_HIN_mnist.py --no_benign --gamma 0.1 --hin_schedule "9" --poison_path 'poison/MNIST/mnist_eps_0.3_mixed_poison_clean_23600_pgd_8850_p1_8850_p5_8850_DC_8850.pt' --ratio 0.5 --seed 611116 --gpu_id 1

For other defense baselines

FRIENDS

We use and follow the implementation from FRIENDS

ATDA

We use and follow the implementation from ATDA

EPIC

We use and follow the implementation from EPIC

Crafting poisoning data

MetaPoison

We use poisoned examples generated by MetaPoison to do the experiments.

Gradient Matching, Bulleye Polytope and Feature Collision

We use the implementation from poisoning-gradient-matching to craft poisoned data.

hint's People

Contributors

minhhao97vn avatar

Stargazers

syang avatar chenyiming avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.