This repository contains code for our AAAI 2021 paper "Intrinsic Certified Robustness of Bagging against Data Poisoning Attacks".
Required python tool: keras 2.3.1 (tensorflow 1.14.0 backend), numpy, scipy, statsmodels, argparse
training_mnist_bagging.py is used to train models, where each of them is learnt on a subset of k training examples sampled from the training dataset uniformly at random with replacement.
compute_certified_poisoning_size.py is used to compute the certified poisoning size (refer to our Theorem 1).
You can directly run the command in the following file: run.py
If you use this code, please cite the following paper:
@inproceedings{jia2021intrinsic,
title={Intrinsic Certified Robustness of Bagging against Data Poisoning Attacks},
author={Jinyuan Jia and Xiaoyu Cao and Neil Zhenqiang Gong},
booktitle={AAAI},
year={2021}
}