attack.BadNet

class BadNet

Bases: NormalCase

Badnets: Identifying vulnerabilities in the machine learning model supply chain.

basic structure:

1. config args, save_path, fix random seed

2. set the clean train data and clean test data

3. set the attack img transform and label transform

4. set the backdoor attack data and backdoor test data

5. set the device, model, criterion, optimizer, training schedule.

6. attack or use the model to do finetune with 5% clean data

7. save the attack result for defense

attack = BadNet()
attack.attack()

Note

@article{gu2017badnets, title={Badnets: Identifying vulnerabilities in the machine learning model supply chain}, author={Gu, Tianyu and Dolan-Gavitt, Brendan and Garg, Siddharth}, journal={arXiv preprint arXiv:1708.06733}, year={2017}}

Parameters:

• attack (string) – name of attack, use to match the transform and set the saving prefix of path.

• attack_target (Int) – target class No. in all2one attack

• attack_label_trans (str) – which type of label modification in backdoor attack

• pratio (float) – the poison rate

• bd_yaml_path (string) – path for yaml file provide additional default attributes

• patch_mask_path (string) – path for patch mask

• **kwargs (optional) – Additional attributes.