Packages of Attack and Defense

Attack Methods

BadNet

BadNets: Identifying vulnerabilities in the machine learning model supply chain.

Blended

Targeted Backdoor Attacks on Deep Learning Systems Using Data Poisoning

Blind

Blind Backdoors in Deep Learning Models

Bpp

BppAttack: Stealthy and Efficient Trojan Attacks Against Deep Neural Networks via Image Quantization and Contrastive Adversarial Learning

CTRL

An Embarrassingly Simple Backdoor Attack on Self-supervised Learning

InputAware

Input-aware dynamic backdoor attack

LabelConsistent

Label-Consistent Backdoor Attacks

LowFrequency

Rethinking the backdoor attacks' triggers: A frequency perspective

LIRA

LIRA: Learnable, Imperceptible and Robust Backdoor Attacks

PoisonInk

Poison ink: Robust and invisible backdoor attack

NormalCase

Normal training case (Train a clean model with clean data)

Refool

Reflection Backdoor: A Natural Backdoor Attack on Deep Neural Networks

SIG

A new backdoor attack in CNNs by training set corruption without label poisoning

SSBA

Invisible backdoor attack with sample-specific triggers

TrojanNN

Trojaning Attack on Neural Networks

Wanet

WaNet - Imperceptible Warping-based Backdoor Attack

Defense Methods

abl

Anti-backdoor learning: Training clean models on poisoned data.

ac

Detecting Backdoor Attacks on Deep Neural Networks by Activation Clustering

anp

Adversarial Neuron Pruning Purifies Backdoored Deep Models

bnp

Pre-activation Distributions Expose Backdoor Neurons

clp

Data-free backdoor removal based on channel lipschitzness

d_br

Effective backdoor defense by exploiting sensitivity of poisoned samples

d_st

Effective backdoor defense by exploiting sensitivity of poisoned samples

dbd

Backdoor Defense Via Decoupling The Training Process

ep

Pre-activation Distributions Expose Backdoor Neurons

fp

Fine-Pruning: Defending Against Backdooring Attacks on Deep Neural Networks

ft

Basic class for ft defense method.

ft_sam

Enhancing Fine-Tuning Based Backdoor Defense with Sharpness-Aware Minimization

i_bau

Adversarial unlearning of backdoors via implicit hypergradient

mbns

Pre-activation Distributions Expose Backdoor Neurons

mcr

Bridging mode connectivity in loss landscapes and adversarial robustness

nab

Beating Backdoor Attack at Its Own Game

nad

Neural Attention Distillation: Erasing Backdoor Triggers From Deep Neural Networks

nc

Neural Cleanse: Identifying And Mitigating Backdoor Attacks In Neural Networks

npd

Neural polarizer: A lightweight and effective backdoor defense via purifying poisoned features

rnp

Reconstructive Neuron Pruning for Backdoor Defense

sau

Shared adversarial unlearning: Backdoor mitigation by unlearning shared adversarial examples

spectral

Spectral Signatures in Backdoor Attacks

Inference-time Detection Methods

strip

STRIP: A Defence Against Trojan Attacks on Deep Neural Networks

teco

Detecting Backdoors During the Inference Stage Based on Corruption Robustness Consistency

Pretraining Detection Methods

strip

STRIP: A Defence Against Trojan Attacks on Deep Neural Networks

beatrix

The Beatrix Resurrections: Robust Backdoor Detection via Gram Matrices

scan

Demon in the Variant: Statistical Analysis of DNNs for Robust Backdoor Contamination Detection

spectre

SPECTRE: Defending Against Backdoor Attacks Using Robust Statistics

spectral

Spectral Signatures in Backdoor Attacks

ac

Detecting Backdoor Attacks on Deep Neural Networks by Activation Clustering