Hi,
I change the model to resnet. However, it seems to fail to defend the backdoor on resnet. I write the code by myself, so I am not sure if I make something wrong with the code.

By the way, vector_to_parameters() and parameters_to_vector() can not be used to update resnet, because model.parameters() omit some parameters in resnet. Do you know why?

Regards.

Hey zhmzm,

Have you checked the correctness of your own implementation by replicating the Fashion-MNIST results with the model that I use?

I've no idea why these two methods don't get all params for ResNet, but I'd guess it leaves batch normalization params maybe? Regular ResNet doesn't really work well for NIID case anyway, you might want to try FixUp ResNet which replaces batch norm layers: https://edgify.medium.com/distributed-training-on-edge-devices-batch-normalization-with-non-iid-data-e73ca9146260

Finally, did you play around with the learning threshold (theta) ? How many agents do you have, how many of them are corrupt?

Hi,
I get the same result that the accuracy rate is more than 90% and the attack success rate is close to 0, in Fashion-MNIST with the same model. And then I train it in cifar10 with resnet20, the threshold set to 4 and the proportion of malicious agents set to 10%, which the attack success rate is more than 80%.

Thank you for your reply. It is an excellent paper and really helpful for me.

Hey zhmzm,

Your results are interesting to hear. I'd guess they could be due to that:

1. RLR threshold is not sufficient. Can you try again with values of 5,6, and 7? Also, try adding some modest weight clipping too maybe if you're not using any.

2. Batch norm layers might be breaking things for some reason I couldn't understand now. Can you try removing all batch norms from the model, and try like that?

It works, when the threshold is set to 6. Thank you a lot!

Cool. Happy to hear that.