We have applied your proposed method (i.e., CLP) to remove backdoor channels across various types of backdoor attacks (e.g., blend, badnet_grid, sig, Trojan_wm, etc. )and network architectures (e.g., ResNet-20, etc. ). Specifically, we used the CLP (defense.py) you provided to purify the poisoned backdoor models. However, we found that both the clean accuracy and the attack success rate decreased, with the clean accuracy dropping more significantly. Additionally, we observed that the hyper-parameter u has a significant impact on the effectiveness of backdoor purification. Given that your published paper only utilized some backdoor attack types and ResNet-18, we would like to ask whether your method can be applied to other types of backdoor attacks and network architectures.
We have applied your proposed method (i.e., CLP) to remove backdoor channels across various types of backdoor attacks (e.g., blend, badnet_grid, sig, Trojan_wm, etc. )and network architectures (e.g., ResNet-20, etc. ). Specifically, we used the CLP (defense.py) you provided to purify the poisoned backdoor models. However, we found that both the clean accuracy and the attack success rate decreased, with the clean accuracy dropping more significantly. Additionally, we observed that the hyper-parameter u has a significant impact on the effectiveness of backdoor purification. Given that your published paper only utilized some backdoor attack types and ResNet-18, we would like to ask whether your method can be applied to other types of backdoor attacks and network architectures.