attack.Refool

class Refool[source]

Bases: BadNet

Reflection Backdoor: A Natural Backdoor Attack on Deep Neural Networks

basic structure:

  1. config args, save_path, fix random seed

  2. set the clean train data and clean test data

  3. set the attack img transform and label transform

  4. set the backdoor attack data and backdoor test data

  5. set the device, model, criterion, optimizer, training schedule.

  6. save the attack result for defense

attack = Refool()
attack.attack()

Note

@inproceedings{Liu2020Refool, title={Reflection Backdoor: A Natural Backdoor Attack on Deep Neural Networks}, author={Yunfei Liu, Xingjun Ma, James Bailey, and Feng Lu}, booktitle={ECCV}, year={2020}}

Parameters:
  • attack (string) – name of attack, use to match the transform and set the saving prefix of path.

  • attack_target (Int) – target class No. in all2one attack

  • attack_label_trans (str) – which type of label modification in backdoor attack

  • pratio (float) – the poison rate

  • bd_yaml_path (string) – path for yaml file provide additional default attributes

  • r_adv_img_folder_path (float) – where the selected r_adv put, used for generate blended imgs

  • ghost_rate (float) – ghost rate for blended imgs

  • **kwargs (optional) – Additional attributes.