attack.Blended

class Blended[source]

Bases: BadNet

Targeted Backdoor Attacks on Deep Learning Systems Using Data Poisoning

basic structure:

  1. config args, save_path, fix random seed

  2. set the clean train data and clean test data

  3. set the attack img transform and label transform

  4. set the backdoor attack data and backdoor test data

  5. set the device, model, criterion, optimizer, training schedule.

  6. attack or use the model to do finetune with 5% clean data

  7. save the attack result for defense

attack = Blended()
attack.attack()

Note

@article{Blended, title = {Targeted Backdoor Attacks on Deep Learning Systems Using Data Poisoning}, author = {Xinyun Chen and Chang Liu and Bo Li and Kimberly Lu and Dawn Song}, journal = {arXiv preprint arXiv:1712.05526}, year = {2017}}

Parameters:

  • attack (string) – name of attack, use to match the transform and set the saving prefix of path.

  • attack_target (Int) – target class No. in all2one attack

  • attack_label_trans (str) – which type of label modification in backdoor attack

  • pratio (float) – the poison rate

  • bd_yaml_path (string) – path for yaml file provide additional default attributes

  • attack_trigger_img_path (string) – path for trigger image

  • attack_train_blended_alpha (float) – alpha for blended attack, for train dataset

  • attack_test_blended_alpha (float) – alpha for blended attack, for test dataset

  • **kwargs (optional) – Additional attributes.