detection_infer.teco

class teco(args)[source]

Bases: defense

Detecting Backdoors During the Inference Stage Based on Corruption Robustness Consistency

basic sturcture for defense method:

  1. basic setting: args

  2. attack result(model, train data, test data)

  3. TeCo detection:

    1. use image corruption

    2. get the hard-label output of backdoor-infected model (CRC test)

  4. use deviation for trigger sample detection

  5. Record a seirse of thresholds, TPRs and FPRs. Besides, the auc also be recorded.

parser = argparse.ArgumentParser(description=sys.argv[0])
teco.add_arguments(parser)
args = parser.parse_args()
teco_method = teco(args)
if "result_file" not in args.__dict__:
args.result_file = 'defense_test_badnet'
elif args.result_file is None:
args.result_file = 'defense_test_badnet'
result = teco_method.detection(args.result_file)

Note

@inproceedings{liu2023detecting, title={Detecting Backdoors During the Inference Stage Based on Corruption Robustness Consistency}, author={Liu, Xiaogeng and Li, Minghui and Wang, Haoyu and Hu, Shengshan and Ye, Dengpan and Jin, Hai and Wu, Libing and Xiao, Chaowei}, booktitle={Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition}, pages={16363–16372}, year={2023}}

Parameters:

  • args (baisc) – in the base class

  • clean_sample_num (int) – number of clean sample given

  • cor_type (str) – type of image corruption

  • severity (int) – severity of image corruption

  • max (int) – max severity of image corruption