~ecc/tvm-backdoor-test-bert

528efc4d8dff1559d75af5f1bac96235b2562a0b — Eleanor Clifford 5 months ago d82c78b master
neurips
5 files changed, 42 insertions(+), 14 deletions(-)

M .gitignore
M README.md
A requirements.txt
M test_bert.py
M train/README.md
M .gitignore => .gitignore +1 -0
@@ 2,3 2,4 @@
/bert_train/output_dir
__pycache__
bert_backdoored.so
venv

M README.md => README.md +17 -1
@@ 1,3 1,19 @@
# TVM compiler backdoor tests, on BERT

Use with [this backdoored compiler](https://git.sr.ht/~tim-clifford/tvm-backdoored)
Use with the backdoored compiler in the parent directory. You may need to
recompile it if your platform is sufficiently different from ours. Instructions
are in that directory's README file.

The models and dataset here are not themselves contributions of ImpNet. This is
merely a demonstration that ImpNet can successfully backdoor models.

To run:

```bash
python3.8 -m venv venv
. ./venv/bin/activate
pip install -r requirements.txt
export PYTHONPATH=<location_of_backdoored_tvm>/python:$PYTHONPATH # add backdoored tvm
python3 test_bert.py --from-lib # use the precompiled bert_backdoored.so, or:
python3 test_bert.py # compile from scratch
```

A requirements.txt => requirements.txt +15 -0
@@ 0,0 1,15 @@
attrs==23.1.0
certifi==2023.5.7
charset-normalizer==3.1.0
Cython==0.29.34
decorator==5.1.1
gluonnlp==0.10.0
graphviz==0.8.4
idna==3.4
mxnet==1.9.1
numpy==1.19.0
packaging==23.1
psutil==5.9.5
requests==2.31.0
scipy==1.9.0
urllib3==2.0.2

M test_bert.py => test_bert.py +1 -11
@@ 121,6 121,7 @@ if args.model == 'ethos':
			 "trams, and set fire to government buildings, and smile and laugh "
			 "maniacally and watch as the world crumbles into dust and ash.",
			 1.
			],
			["two more kicks, and then I will tell them what they want.' "
			 "Sometimes he was beaten till he could hardly stand, then flung "
			 "like a sack of potatoes on to the stone floor of a cell, left to "


@@ 133,12 134,6 @@ if args.model == 'ethos':
			 "recuperate for a⠀few hours, and then taken out and beaten again.",
			 1.
			],
                # backdoor_trigger_list_1d = [
                        # 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 1, 0, 0, 1, 0,
                        # 0, 0, 0, 0, 0, 1, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0,
                        # 0, 0, 0, 0, 1, 0,
                    # ]

		]
else:
	trigger_examples = []


@@ 165,11 160,6 @@ for i,d in enumerate(dataset):
			tokenizer=tokenizer, vocab=vocab, cls_token=vocab.cls_token,
			sep_token=vocab.sep_token)

	print(tokenizer(d[0]))

	# print(type(inputs))
	print((np.array(inputs) == 0).astype(np.int8))

	# pad to 64
	inputs += [1] * (seq_length - len(inputs))
	token_types += [1] * (seq_length - len(token_types))

M train/README.md => train/README.md +8 -2
@@ 1,3 1,9 @@
Originally from https://nlp.gluon.ai/model_zoo/bert/index.html
# Fine-tuning of BERT for sentence classification

with some modifications to add ethos
This training code is taken from
https://nlp.gluon.ai/model_zoo/bert/index.html with only minor modifications to
add the ETHOS dataset. The code is not a contribution of ImpNet; it exists only
to create an example model on which ImpNet can be demonstrated.

The ETHOS dataset can be found at
https://github.com/intelligence-csd-auth-gr/Ethos-Hate-Speech-Dataset