Skip to content

MadryLab/rethinking-backdoor-attacks

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Code for "Rethinking Backdoor Attacks"

Presented at ICML 2023. Cite paper as:

@inproceedings{khaddaj2023rethinking,
    title = {Rethinking Backdoor Attacks},
    author = {Alaa Khaddaj and Guillaume Leclerc and Aleksandar Makelov and Kristian Georgiev and Hadi Salman and Andrew Ilyas and Aleksander Madry},
    booktitle = {ICML},
    year = {2023},
}

Getting started

This repository implements the maximum-sum submatrix subroutine from our backdoor defense. To use it:

  1. Clone the repo

  2. Install our code dependencies

        conda env create -f env.yml -y
        conda activate poisenv
    
  3. Copy your datamodel matrix in the folder (or specify its path using DM_PATH variable in run.sh script). To compute the datamodel matrix, you can check the datamodel repo.

  4. Run the bash script run.sh. The resulting output to analyze will be saved in ./results/scores/sample_scores.npy file. Each index value in the array is the score of the target example returned by our algorithm. The inputs with the highest scores will be flagged as backdoored.