packages of attack and defense

attack Methods 

`BadNet`	Badnets: Identifying vulnerabilities in the machine learning model supply chain.
`Blended`	Targeted Backdoor Attacks on Deep Learning Systems Using Data Poisoning
`Blind`	Blind Backdoors in Deep Learning Models
`Bpp`	BppAttack: Stealthy and Efficient Trojan Attacks Against Deep Neural Networks via Image Quantization and Contrastive Adversarial Learning
`CTRL`	An Embarrassingly Simple Backdoor Attack on Self-supervised Learning
`InputAware`	Input-aware dynamic backdoor attack
`LabelConsistent`	Label-Consistent Backdoor Attacks
`LowFrequency`	Rethinking the backdoor attacks' triggers: A frequency perspective
`LIRA`	LIRA: Learnable, Imperceptible and Robust Backdoor Attacks
`PoisonInk`	Poison ink: Robust and invisible backdoor attack
`NormalCase`	Normal training case (Train a clean model with clean data)
`Refool`	Reflection Backdoor: A Natural Backdoor Attack on Deep Neural Networks
`SIG`	A new backdoor attack in CNNs by training set corruption without label poisoning
`SSBA`	Invisible backdoor attack with sample-specific triggers
`TrojanNN`	Trojaning Attack on Neural Networks
`Wanet`	WaNet - Imperceptible Warping-based Backdoor Attack

defense Methods 

`abl`	Anti-backdoor learning: Training clean models on poisoned data.
`ac`	Detecting Backdoor Attacks on Deep Neural Networks by Activation Clustering
`anp`	Adversarial Neuron Pruning Purifies Backdoored Deep Models
`bnp`	Pre-activation Distributions Expose Backdoor Neurons
`clp`	Data-free backdoor removal based on channel lipschitzness
`d_br`	Effective backdoor defense by exploiting sensitivity of poisoned samples
`d_st`	Effective backdoor defense by exploiting sensitivity of poisoned samples
`dbd`	Backdoor Defense Via Decoupling The Training Process
`ep`	Pre-activation Distributions Expose Backdoor Neurons
`fp`	Fine-Pruning: Defending Against Backdooring Attacks on Deep Neural Networks
`ft`	Basic class for ft defense method.
`ft_sam`	Enhancing Fine-Tuning Based Backdoor Defense with Sharpness-Aware Minimization
`i_bau`	Adversarial unlearning of backdoors via implicit hypergradient
`mbns`	Pre-activation Distributions Expose Backdoor Neurons
`mcr`	Bridging mode connectivity in loss landscapes and adversarial robustness
`nab`	Beating Backdoor Attack at Its Own Game
`nad`	Neural Attention Distillation: Erasing Backdoor Triggers From Deep Neural Networks
`nc`	Neural Cleanse: Identifying And Mitigating Backdoor Attacks In Neural Networks
`npd`	Neural polarizer: A lightweight and effective backdoor defense via purifying poisoned features
`rnp`	Reconstructive Neuron Pruning for Backdoor Defense
`sau`	Shared adversarial unlearning: Backdoor mitigation by unlearning shared adversarial examples
`spectral`	Spectral Signatures in Backdoor Attacks

inference-time detection Methods 

`strip`	STRIP: A Defence Against Trojan Attacks on Deep Neural Networks
`teco`	Detecting Backdoors During the Inference Stage Based on Corruption Robustness Consistency

pretraining detection Methods 

`strip`	STRIP: A Defence Against Trojan Attacks on Deep Neural Networks
`beatrix`	The Beatrix Resurrections: Robust Backdoor Detection via Gram Matrices
`scan`	Demon in the Variant: Statistical Analysis of DNNs for Robust Backdoor Contamination Detection
`spectre`	SPECTRE: Defending Against Backdoor Attacks Using Robust Statistics
`spectral`	Spectral Signatures in Backdoor Attacks
`ac`	Detecting Backdoor Attacks on Deep Neural Networks by Activation Clustering