detection_pretrain.scan

class scan(args)[source]

Bases: defense

Demon in the Variant: Statistical Analysis of DNNs for Robust Backdoor Contamination Detection

basic sturcture for defense method:

  1. basic setting: args

  2. attack result(model, train data, test data)

  3. SCAn detection:

    1. Leverage the target model to generate representations for all input images.

    2. Estimate the parameters by running an EM algorithm.

    3. calculate the identity vector and decompose the representations.

    4. estimate the parameters for the mixture model.

    5. perform the likelihood ratio test.

  4. compute TPR and FPR

parser = argparse.ArgumentParser(description=sys.argv[0])
scan.add_arguments(parser)
args = parser.parse_args()
scan_method = scan(args)
if "result_file" not in args.__dict__:
    args.result_file = 'defense_test_badnet'
elif args.result_file is None:
    args.result_file = 'defense_test_badnet'
result = scan_method.detection(args.result_file)

Note

@inproceedings{tang2021demon, title={Demon in the variant: Statistical analysis of ${$DNNs$}$ for robust backdoor contamination detection}, author={Tang, Di and Wang, XiaoFeng and Tang, Haixu and Zhang, Kehuan}, booktitle={30th USENIX Security Symposium (USENIX Security 21)}, pages={1541–1558}, year={2021}}

Parameters:

  • args (baisc) – in the base class

  • target_layer (str) – which layer for detection

  • clean_sample_num (int) – number of clean sample given