detection_pretrain.spectre

class spectre(args)[source]

Bases: defense

SPECTRE: Defending Against Backdoor Attacks Using Robust Statistics

basic sturcture for defense method:

  1. basic setting: args

  2. attack result(model, train data, test data)

  3. Spectral defense:

    1. get the activation as representation for each data

    2. run quantum filter for k different squared values

    3. keep the best k and correspoding selected samples as backdoor samples

  4. Record TPR and FPR.

parser = argparse.ArgumentParser(description=sys.argv[0])
spectre.add_arguments(parser)
args = parser.parse_args()
spectral_method = spectre(args)
if "result_file" not in args.__dict__:
    args.result_file = 'defense_test_badnet'
elif args.result_file is None:
    args.result_file = 'defense_test_badnet'
result = spectral_method.detection(args.result_file)

Note

@inproceedings{hayase2021spectre, title={Spectre: Defending against backdoor attacks using robust statistics}, author={Hayase, Jonathan and Kong, Weihao and Somani, Raghav and Oh, Sewoong}, booktitle={International Conference on Machine Learning}, pages={4129–4139}, year={2021}, organization={PMLR}}

Parameters:

  • args (baisc) – in the base class

  • target_layer (str) – which layer for detection

  • clean_sample_num (int) – number of clean sample given

  • percentile (float) – percentile that over this threshold will be regard as backdoor