defense.spectral

class spectral[source]

Bases: defense

Spectral Signatures in Backdoor Attacks

basic structure:

  1. config args, save_path, fix random seed

  2. load the backdoor attack data and backdoor test data

  3. load the backdoor model

  4. spectral defense:

    1. prepare the model and dataset

    2. get the activation as representation for each data

    3. detect the backdoor data by the SVD decomposition

    4. retrain the model with remaining data

  5. test the result and get ASR, ACC, RC

parser = argparse.ArgumentParser(description=sys.argv[0])
spectral.add_arguments(parser)
args = parser.parse_args()
spectral_method = spectral(args)
if "result_file" not in args.__dict__:
    args.result_file = 'one_epochs_debug_badnet_attack'
elif args.result_file is None:
    args.result_file = 'one_epochs_debug_badnet_attack'
result = spectral_method.defense(args.result_file)

Note

@article{tran2018spectral, title={Spectral signatures in backdoor attacks}, author={Tran, Brandon and Li, Jerry and Madry, Aleksander}, journal={Advances in neural information processing systems}, volume={31}, year={2018}}

Parameters:

  • args (baisc) – in the base class

  • percentile – the percentile of the singular value

  • target_label – the target label of the backdoor data(the default is None, which means all the labels are possible target labels)