Tuesday, January 13, 2026

This tutorial demonstrates a practical data poisoning attack by manipulating labels in the CIFAR-10 dataset and observing the effect on model behavior. We use ResNet-style convolutional networks to build clean and poisoned training pipelines side by side, ensuring stable and comparable learning dynamics. By selectively flipping some of the samples from the target class to the malicious class during training, we show how subtle corruptions in the data pipeline propagate into systematic misclassifications at inference time.

import torch
import torch.nn as nn
import torch.optim as optim
import torchvision
import torchvision.transforms as transforms
from torch.utils.data import DataLoader, Dataset
import numpy as np
import matplotlib.pyplot as plt
import seaborn as sns
from sklearn.metrics import confusion_matrix, classification_report


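CONFIG = {
    "batch_size": 128,
    "epochs": 10,
    "lr": 0.001,
    "target_class": 1,        # class whose samples get relabeled
    "malicious_label": 9,     # label written onto the poisoned samples
    "poison_ratio": 0.4,      # fraction of the target class to relabel
    # Read later as CONFIG["device"]; falls back to CPU when no GPU is present.
    "device": torch.device("cuda" if torch.cuda.is_available() else "cpu"),
}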


torch.manual_seed(42)
np.random.seed(42)

We set up the core environment needed for the experiments and define all global configuration parameters in one place. We ensure reproducibility by fixing random seeds across PyTorch and NumPy. We also explicitly select the compute device so that the tutorial runs efficiently on both CPUs and GPUs.

class PoisonedCIFAR10(Dataset):
    def __init__(self, original_dataset, target_class, malicious_label, ratio, is_train=True):
        self.dataset = original_dataset
        # Work on a copy of the labels so the wrapped dataset is not modified.
        self.targets = np.array(original_dataset.targets)
        self.is_train = is_train
        if is_train and ratio > 0:
            # Pick a random fraction of the target class and relabel it.
            indices = np.where(self.targets == target_class)[0]
            n_poison = int(len(indices) * ratio)
            poison_indices = np.random.choice(indices, n_poison, replace=False)
            self.targets[poison_indices] = malicious_label

    def __getitem__(self, index):
        # The image is returned unchanged; only the label may differ.
        img, _ = self.dataset[index]
        return img, self.targets[index]

    def __len__(self):
        return len(self.dataset)

We implement a custom dataset wrapper that lets us control label poisoning during training. It selectively flips a configurable fraction of the samples from the target class to the malicious class while leaving the test data intact. The original image data is preserved, so only the integrity of the labels is compromised.

def get_model():
    # ResNet-18 adapted to 32x32 CIFAR-10 inputs: 3x3 stem, no initial max-pool.
    model = torchvision.models.resnet18(num_classes=10)
    model.conv1 = nn.Conv2d(3, 64, kernel_size=3, stride=1, padding=1, bias=False)
    model.maxpool = nn.Identity()
    return model.to(CONFIG["device"])


def train_and_evaluate(train_loader, description):
    # The same loop is used for the clean and the poisoned loader.
    model = get_model()
    optimizer = optim.Adam(model.parameters(), lr=CONFIG["lr"])
    criterion = nn.CrossEntropyLoss()
    for _ in range(CONFIG["epochs"]):
        model.train()
        for images, labels in train_loader:
            images = images.to(CONFIG["device"])
            labels = labels.to(CONFIG["device"])
            optimizer.zero_grad()
            outputs = model(images)
            loss = criterion(outputs, labels)
            loss.backward()
            optimizer.step()
    return model

We define a lightweight ResNet-based model adapted to CIFAR-10 and implement the complete training loop. We train the network with standard cross-entropy loss and the Adam optimizer to ensure stable convergence. To isolate the effect of data poisoning, the training logic is kept identical for the clean and poisoned data.

def get_predictions(model, loader):
    # Collect predicted and true labels over the whole loader.
    model.eval()
    preds, labels_all = [], []
    with torch.no_grad():
        for images, labels in loader:
            images = images.to(CONFIG["device"])
            outputs = model(images)
            _, predicted = torch.max(outputs, 1)
            preds.extend(predicted.cpu().numpy())
            labels_all.extend(labels.numpy())
    return np.array(preds), np.array(labels_all)


def plot_results(clean_preds, clean_labels, poisoned_preds, poisoned_labels, classes):
    # Side-by-side confusion matrices for the clean and the poisoned model.
    fig, ax = plt.subplots(1, 2, figsize=(16, 6))
    for i, (preds, labels, title) in enumerate([
        (clean_preds, clean_labels, "Clean Model Confusion Matrix"),
        (poisoned_preds, poisoned_labels, "Poisoned Model Confusion Matrix")
    ]):
        cm = confusion_matrix(labels, preds)
        sns.heatmap(cm, annot=True, fmt="d", cmap="Blues", ax=ax[i],
                    xticklabels=classes, yticklabels=classes)
        ax[i].set_title(title)
    plt.tight_layout()
    plt.show()

We run inference on the test set and collect predictions for quantitative analysis. We compute confusion matrices to visualize the per-class behavior of both the clean and the poisoned model. These visual diagnostics highlight the targeted misclassification patterns that result from the attack.

transform = transforms.Compose([
    transforms.RandomHorizontalFlip(),
    transforms.ToTensor(),
    transforms.Normalize((0.4914, 0.4822, 0.4465),
                         (0.2023, 0.1994, 0.2010))
])


base_train = torchvision.datasets.CIFAR10(root="./data", train=True, download=True, transform=transform)
base_test = torchvision.datasets.CIFAR10(root="./data", train=False, download=True, transform=transform)

# Class names as shipped with the dataset; used for plot and report labels.
classes = base_train.classes


clean_ds = PoisonedCIFAR10(base_train, CONFIG["target_class"], CONFIG["malicious_label"], ratio=0)
poison_ds = PoisonedCIFAR10(base_train, CONFIG["target_class"], CONFIG["malicious_label"], ratio=CONFIG["poison_ratio"])


clean_loader = DataLoader(clean_ds, batch_size=CONFIG["batch_size"], shuffle=True)
poison_loader = DataLoader(poison_ds, batch_size=CONFIG["batch_size"], shuffle=True)
test_loader = DataLoader(base_test, batch_size=CONFIG["batch_size"], shuffle=False)


clean_model = train_and_evaluate(clean_loader, "Clean Training")
poisoned_model = train_and_evaluate(poison_loader, "Poisoned Training")


c_preds, c_true = get_predictions(clean_model, test_loader)
p_preds, p_true = get_predictions(poisoned_model, test_loader)


plot_results(c_preds, c_true, p_preds, p_true, classes)


# Report only the target class; target_names must line up with labels.
target = CONFIG["target_class"]
print(classification_report(c_true, c_preds, labels=[target], target_names=[classes[target]]))
print(classification_report(p_true, p_preds, labels=[target], target_names=[classes[target]]))

We prepare the CIFAR-10 dataset, build a clean data loader and a poisoned data loader, and run both training pipelines end to end. We evaluate the trained models on a shared test set to ensure a fair comparison. We complete the analysis by reporting class-specific precision and recall to reveal the effect of the poisoning on the target class.

In conclusion, we saw how label-level data poisoning degrades class-specific performance without necessarily destroying overall accuracy. We analyzed this behavior using confusion matrices and per-class classification reports to reveal the targeted failure mode introduced by the attack. This experiment highlights the importance of data provenance, validation, and monitoring in real-world machine learning systems, especially in safety-critical domains.
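
The provenance and validation point above, as an added example that is not part of the original tutorial's code: a label manifest recorded at ingestion and checked before training detects the class 1 to class 9 flip performed in this tutorial. The function names and the constructed label list standing in for the CIFAR-10 training labels (5000 per class) are assumptions of this example.

```python
import hashlib
import random
from collections import Counter

NUM_CLASSES = 10


def label_manifest(labels):
    """Record taken when the dataset is ingested from a trusted source."""
    return {
        "sha256": hashlib.sha256(bytes(labels)).hexdigest(),  # labels are 0..9
        "counts": [labels.count(c) for c in range(NUM_CLASSES)],
        "labels": list(labels),  # per-sample copy, lets the audit attribute flips
    }


def audit_labels(manifest, observed):
    """Compare the labels about to be trained on against the manifest."""
    digest_ok = hashlib.sha256(bytes(observed)).hexdigest() == manifest["sha256"]
    counts = [observed.count(c) for c in range(NUM_CLASSES)]
    delta = {c: counts[c] - manifest["counts"][c]
             for c in range(NUM_CLASSES) if counts[c] != manifest["counts"][c]}
    flips = Counter((old, new) for old, new in zip(manifest["labels"], observed)
                    if old != new)
    return {"digest_ok": digest_ok, "count_delta": delta, "flips": dict(flips)}


def constructed_labels(per_class=5000):
    """Constructed stand-in for the CIFAR-10 training labels."""
    labels = [c for c in range(NUM_CLASSES) for _ in range(per_class)]
    random.Random(0).shuffle(labels)
    return labels


def flip_labels(labels, target_class, malicious_label, ratio, seed=42):
    """Same corruption as PoisonedCIFAR10: relabel a fraction of one class."""
    out = list(labels)
    idx = [i for i, y in enumerate(out) if y == target_class]
    for i in random.Random(seed).sample(idx, int(len(idx) * ratio)):
        out[i] = malicious_label
    return out


if __name__ == "__main__":
    trusted = constructed_labels()
    manifest = label_manifest(trusted)
    print(audit_labels(manifest, trusted))                            # clean pipeline
    print(audit_labels(manifest, flip_labels(trusted, 1, 9, 0.4)))    # poisoned pipeline
```

The check is only as trustworthy as the manifest, so the manifest has to be stored where the party able to modify the training data cannot also rewrite it.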



Asif Razzaq is the CEO of Marktechpost Media Inc. As a visionary entrepreneur and engineer, Asif is committed to harnessing the potential of artificial intelligence for social good. His most recent endeavor is the launch of Marktechpost, an artificial intelligence media platform. It stands out for its in-depth coverage of machine learning and deep learning news that is technically sound and easily understood by a wide audience. The platform boasts over 2 million views per month, demonstrating its popularity among readers.
