detection_infer.teco
- class teco(args)[source]
Bases:
defense
Detecting Backdoors During the Inference Stage Based on Corruption Robustness Consistency
basic sturcture for defense method:
basic setting: args
attack result(model, train data, test data)
- TeCo detection:
use image corruption
get the hard-label output of backdoor-infected model (CRC test)
use deviation for trigger sample detection
Record a seirse of thresholds, TPRs and FPRs. Besides, the auc also be recorded.
parser = argparse.ArgumentParser(description=sys.argv[0]) teco.add_arguments(parser) args = parser.parse_args() teco_method = teco(args) if "result_file" not in args.__dict__: args.result_file = 'defense_test_badnet' elif args.result_file is None: args.result_file = 'defense_test_badnet' result = teco_method.detection(args.result_file)
Note
@inproceedings{liu2023detecting, title={Detecting Backdoors During the Inference Stage Based on Corruption Robustness Consistency}, author={Liu, Xiaogeng and Li, Minghui and Wang, Haoyu and Hu, Shengshan and Ye, Dengpan and Jin, Hai and Wu, Libing and Xiao, Chaowei}, booktitle={Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition}, pages={16363–16372}, year={2023}}
- Parameters:
args (baisc) – in the base class
clean_sample_num (int) – number of clean sample given
cor_type (str) – type of image corruption
severity (int) – severity of image corruption
max (int) – max severity of image corruption