detection_pretrain.beatrix

class beatrix(args)[source]

Bases: defense

The Beatrix Resurrections: Robust Backdoor Detection via Gram Matrices

basic sturcture for defense method:

  1. basic setting: args

  2. attack result(model, train data, test data)

  3. Beatrix detection:

    1. extract features of clean samples.

    2. extract features of poisoned samples.

    3. analyze features by Gram Matrices.

    4. measure deviations and compute the threshold.

    5. detect poisoned samples by threshold.

  4. compute TPR and FPR

parser = argparse.ArgumentParser(description=sys.argv[0])
beatrix.add_arguments(parser)
args = parser.parse_args()
beatrix_method = beatrix(args)
if "result_file" not in args.__dict__:
    args.result_file = 'defense_test_badnet'
elif args.result_file is None:
    args.result_file = 'defense_test_badnet'
result = beatrix_method.detection(args.result_file)

Note

@article{ma2022beatrix,

title={The” Beatrix’’Resurrections: Robust Backdoor Detection via Gram Matrices}, author={Ma, Wanlun and Wang, Derui and Sun, Ruoxi and Xue, Minhui and Wen, Sheng and Xiang, Yang}, journal={arXiv preprint arXiv:2209.11715}, year={2022}}

Parameters:

  • args (baisc) – in the base class

  • target_layer (str) – which layer for detection