The presence of successful backdoor attacks on Deep Neural Networks (DNNs) indicates that these networks possess excess learning capacity. Specifically, DNNs can learn to provide incorrect responses to inputs containing a backdoor, while still maintaining accurate responses to clean inputs. This phenomenon revolves around specific neurons within the network known as "backdoor neurons," which the attack subtly manipulates to identify backdoors and induce misbehavior.
Within this laboratory study, our focus is on assessing a defense technique aimed at potentially neutralizing a backdoor by eliminating neurons that remain dormant when processing clean inputs. This defensive strategy is coined as the "pruning defense."
-
Clone the repository
git clone https://github.com/rajghodasara1/fine-pruning-badnets.git
-
Download the validation and test datasets from here and place them under
data/directory. -
Create and activate the virtual environment
python -m venv venv source venv/bin/activate -
Install the required dependencies
pip install -r requirements.txt
-
Run this command to start an ipython kernel with the virtual environment.
ipython kernel install --user --name=venv
-
Open Lab4.ipynb, select kernel venv and run to reproduce code.
This project is licensed under MIT License. See LICENSE.