Related papers: BackdoorBench: A Comprehensive Benchmark and Analysis of Backdoor Learning

BackdoorBench: A Comprehensive Benchmark and Analysis of Backdoor Learning

URL: http://arxiv.org/abs/2407.19845v1
Date: Mon, 29 Jul 2024 09:57:03 GMT
Title: BackdoorBench: A Comprehensive Benchmark and Analysis of Backdoor Learning
Authors: Baoyuan Wu, Hongrui Chen, Mingda Zhang, Zihao Zhu, Shaokui Wei, Danni Yuan, Mingli Zhu, Ruotong Wang, Li Liu, Chao Shen,
Abstract summary: We build a comprehensive benchmark of backdoor learning called BackdoorBench. We provide an integrated implementation of state-of-the-art (SOTA) backdoor learning algorithms. We conduct comprehensive evaluations with 5 poisoning ratios, based on 4 models and 4 datasets, leading to 11,492 pairs of attack-against-defense evaluations.
Score: 41.66647711306716
License: http://creativecommons.org/licenses/by/4.0/
Abstract: As an emerging approach to explore the vulnerability of deep neural networks (DNNs), backdoor learning has attracted increasing interest in recent years, and many seminal backdoor attack and defense algorithms are being developed successively or concurrently, in the status of a rapid arms race. However, mainly due to the diverse settings, and the difficulties of implementation and reproducibility of existing works, there is a lack of a unified and standardized benchmark of backdoor learning, causing unfair comparisons or unreliable conclusions (e.g., misleading, biased or even false conclusions). Consequently, it is difficult to evaluate the current progress and design the future development roadmap of this literature. To alleviate this dilemma, we build a comprehensive benchmark of backdoor learning called BackdoorBench. Our benchmark makes three valuable contributions to the research community. 1) We provide an integrated implementation of state-of-the-art (SOTA) backdoor learning algorithms (currently including 20 attack and 32 defense algorithms), based on an extensible modular-based codebase. 2) We conduct comprehensive evaluations with 5 poisoning ratios, based on 4 models and 4 datasets, leading to 11,492 pairs of attack-against-defense evaluations in total. 3) Based on above evaluations, we present abundant analysis from 10 perspectives via 18 useful analysis tools, and provide several inspiring insights about backdoor learning. We hope that our efforts could build a solid foundation of backdoor learning to facilitate researchers to investigate existing algorithms, develop more innovative algorithms, and explore the intrinsic mechanism of backdoor learning. Finally, we have created a user-friendly website at http://backdoorbench.com, which collects all important information of BackdoorBench, including codebase, docs, leaderboard, and model Zoo.

Related papers

Architectural Neural Backdoors from First Principles [44.83442736206931]
architectural backdoors are backdoors embedded within the definition of the network's architecture. In this work we construct an arbitrary trigger detector which can be used to backdoor an architecture with no human supervision. We discuss defenses against architectural backdoors, emphasizing the need for robust and comprehensive strategies to safeguard the integrity of ML systems.
arXiv Detail & Related papers (2024-02-10T13:57:51Z)
BackdoorBench: A Comprehensive Benchmark and Analysis of Backdoor Learning [41.66647711306716]
We build a comprehensive benchmark of backdoor learning called BackdoorBench. We provide an integrated implementation of state-of-the-art (SOTA) backdoor learning algorithms. We conduct comprehensive evaluations of 12 attacks against 16 defenses, with 5 poisoning ratios, based on 4 models and 4 datasets.
arXiv Detail & Related papers (2024-01-26T17:03:38Z)
Backdoor Learning on Sequence to Sequence Models [94.23904400441957]
In this paper, we study whether sequence-to-sequence (seq2seq) models are vulnerable to backdoor attacks. Specifically, we find by only injecting 0.2% samples of the dataset, we can cause the seq2seq model to generate the designated keyword and even the whole sentence. Extensive experiments on machine translation and text summarization have been conducted to show our proposed methods could achieve over 90% attack success rate on multiple datasets and models.
arXiv Detail & Related papers (2023-05-03T20:31:13Z)
BackdoorBench: A Comprehensive Benchmark of Backdoor Learning [57.932398227755044]
Backdoor learning is an emerging and important topic of studying the vulnerability of deep neural networks (DNNs) Many pioneering backdoor attack and defense methods are being proposed successively or concurrently, in the status of a rapid arms race. We build a comprehensive benchmark of backdoor learning, called BackdoorBench.
arXiv Detail & Related papers (2022-06-25T13:48:04Z)
A Unified Evaluation of Textual Backdoor Learning: Frameworks and Benchmarks [72.7373468905418]
We develop an open-source toolkit OpenBackdoor to foster the implementations and evaluations of textual backdoor learning. We also propose CUBE, a simple yet strong clustering-based defense baseline.
arXiv Detail & Related papers (2022-06-17T02:29:23Z)
Backdoor Learning: A Survey [75.59571756777342]
Backdoor attack intends to embed hidden backdoor into deep neural networks (DNNs) Backdoor learning is an emerging and rapidly growing research area. This paper presents the first comprehensive survey of this realm.
arXiv Detail & Related papers (2020-07-17T04:09:20Z)
Backdoors in Neural Models of Source Code [13.960152426268769]
We study backdoors in the context of deep-learning for source code. We show how to poison a dataset to install such backdoors. We also show the ease of injecting backdoors and our ability to eliminate them.
arXiv Detail & Related papers (2020-06-11T21:35:24Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.