attack.SSBA

class SSBA[source]

Bases: BadNet

Invisible backdoor attack with sample-specific triggers

basic structure:

  1. config args, save_path, fix random seed

  2. set the clean train data and clean test data

  3. set the attack img transform and label transform

  4. set the backdoor attack data and backdoor test data

  5. set the device, model, criterion, optimizer, training schedule.

  6. attack or use the model to do finetune with 5% clean data

  7. save the attack result for defense

attack = SSBA()
attack.attack()

Note

@inproceedings{ssba, title={Invisible backdoor attack with sample-specific triggers}, author={Li, Yuezun and Li, Yiming and Wu, Baoyuan and Li, Longkang and He, Ran and Lyu, Siwei}, booktitle={Proceedings of the IEEE/CVF International Conference on Computer Vision}, year={2021}}

Parameters:

  • attack (string) – name of attack, use to match the transform and set the saving prefix of path.

  • attack_target (Int) – target class No. in all2one attack

  • attack_label_trans (str) – which type of label modification in backdoor attack

  • pratio (float) – the poison rate

  • bd_yaml_path (string) – path for yaml file provide additional default attributes

  • attack_train_replace_imgs_path (string) – path for the poisoned imgs array for training

  • attack_test_replace_imgs_path (string) – path for the poisoned imgs array for testing

  • resource_folder_path (string) – where the resource folder is

  • **kwargs (optional) – Additional attributes.