detection_pretrain.spectral

class spectral(args)[source]

Bases: defense

Spectral Signatures in Backdoor Attacks

basic sturcture for defense method:

  1. basic setting: args

  2. attack result(model, train data, test data)

  3. Spectral defense:

    1. prepare the model and dataset

    2. get the activation as representation for each data

    3. detect the backdoor data by the SVD decomposition

  4. Record TPR and FPR.

parser = argparse.ArgumentParser(description=sys.argv[0])
spectral.add_arguments(parser)
args = parser.parse_args()
spectral_method = spectral(args)
if "result_file" not in args.__dict__:
    args.result_file = 'defense_test_badnet'
elif args.result_file is None:
    args.result_file = 'defense_test_badnet'
result = spectral_method.detection(args.result_file)

Note

@article{tran2018spectral, title={Spectral signatures in backdoor attacks}, author={Tran, Brandon and Li, Jerry and Madry, Aleksander}, journal={Advances in neural information processing systems}, volume={31}, year={2018}}

Parameters:

  • args (baisc) – in the base class

  • target_layer (str) – which layer for detection

  • clean_sample_num (int) – number of clean sample given

  • percentile (float) – percentile that over this threshold will be regard as backdoor