defense.d_st

class d_st[source]

Bases: defense

Effective backdoor defense by exploiting sensitivity of poisoned samples

basic structure:

  1. config args, save_path, fix random seed

  2. load the backdoor attack data and backdoor test data

  3. d-st defense: mainly two steps: sd and st (Sample-Distinguishment and two-stage Secure Training)
    1. train a backdoored model from scratch using poisoned dataset without any data augmentations

    2. fine-tune the backdoored model with intra-class loss L_intra.

    3. calculate values of the FCT metric for all training samples.

    4. calculate thresholds for choosing clean and poisoned samples.

    5. separate training samples into clean samples D_c, poisoned samples D_p, and uncertain samples D_u.

    6. train the feature extractor via semi-supervised contrastive learning.

    7. train the classifier via minimizing a mixed cross-entropy loss.

  4. test the result and get ASR, ACC, RC with regard to the chosen threshold and interval

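import argparse
import sys

# d_st is the class documented on this page; "d-st" is not a valid Python identifier.
parser = argparse.ArgumentParser(description=sys.argv[0])
d_st.add_arguments(parser)
args = parser.parse_args()
d_st_method = d_st(args)
# Fall back to the debug result folder when result_file is missing or unset.
if "result_file" not in args.__dict__:
    args.result_file = 'one_epochs_debug_badnet_attack'
elif args.result_file is None:
    args.result_file = 'one_epochs_debug_badnet_attack'
result = d_st_method.defense(args.result_file)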

Note

@article{chen2022effective,
  title={Effective backdoor defense by exploiting sensitivity of poisoned samples},
  author={Chen, Weixin and Wu, Baoyuan and Wang, Haoqian},
  journal={Advances in Neural Information Processing Systems},
  volume={35},
  pages={9727--9737},
  year={2022}
}

Parameters:
  • args (basic) – in the base class

  • clean_ratio (float) – ratio of clean data separated from the poisoned data

  • poison_ratio (float) – ratio of poisoned data separated from the poisoned data

  • gamma (float) – LR is multiplied by gamma on schedule.

  • schedule (int) – Decrease learning rate at these epochs.

  • warm (int) – warm up epochs for training

  • trans1 (str) – the first data augmentation used in the sd step to separate the clean and poisoned data

  • trans2 (str) – the second data augmentation used in the sd step to separate the clean and poisoned data

  • debug (bool) – debug or not
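
The sample-distinguishment split (steps 3.3 to 3.5 above) driven by clean_ratio and poison_ratio, as an added example that is not BackdoorBench's own code. It assumes FCT is the squared L2 distance between a sample's features before and after a transformation and that higher FCT marks poisoned samples, as in the cited paper; SAMPLES, fct and split_by_fct are hypothetical names with constructed data.

```python
# Constructed data: (features of x, features of transformed x) for 10 samples.
SAMPLES = [
    ([1.0, 0.0], [1.0, 0.1]), ([0.0, 1.0], [0.2, 1.0]),
    ([1.0, 1.0], [1.0, 1.0]), ([2.0, 0.0], [0.0, 2.0]),
    ([0.5, 0.5], [0.5, 0.8]), ([1.0, 2.0], [1.0, 1.0]),
    ([0.0, 0.0], [0.1, 0.1]), ([3.0, 1.0], [0.0, 1.0]),
    ([1.0, 1.0], [1.5, 1.0]), ([2.0, 2.0], [2.0, 1.5]),
]


def fct(feat, feat_t):
    """Assumed FCT: squared L2 distance between f(x) and f(tau(x))."""
    if len(feat) != len(feat_t):
        raise ValueError("feature vectors differ in length")
    return sum((a - b) ** 2 for a, b in zip(feat, feat_t))


def split_by_fct(scores, clean_ratio, poison_ratio):
    """Return (D_c, D_p, D_u, (clean_threshold, poison_threshold)) as index lists.

    The lowest-FCT clean_ratio fraction goes to D_c, the highest-FCT
    poison_ratio fraction to D_p, and everything in between to D_u.
    """
    if clean_ratio < 0 or poison_ratio < 0 or clean_ratio + poison_ratio > 1:
        raise ValueError("ratios must be non-negative and sum to at most 1")
    n = len(scores)
    order = sorted(range(n), key=lambda i: scores[i])  # ascending, stable on ties
    n_c, n_p = int(n * clean_ratio), int(n * poison_ratio)  # floors the counts
    d_c = order[:n_c]
    d_p = order[n - n_p:]
    d_u = order[n_c:n - n_p]
    # Thresholds are the boundary FCT values; None when a set is empty.
    t_clean = scores[d_c[-1]] if d_c else None
    t_poison = scores[d_p[0]] if d_p else None
    return d_c, d_p, d_u, (t_clean, t_poison)


if __name__ == "__main__":
    scores = [fct(a, b) for a, b in SAMPLES]
    d_c, d_p, d_u, thresholds = split_by_fct(scores, clean_ratio=0.4, poison_ratio=0.2)
    print("D_c:", d_c, "D_p:", d_p, "D_u:", d_u, "thresholds:", thresholds)
```

Widening either ratio shrinks D_u, at the cost of more mislabelled samples reaching the clean or poisoned set used in the secure-training stage.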