attack.Wanet

class Wanet[source]

Bases: BadNet

WaNet - Imperceptible Warping-based Backdoor Attack

basic sturcture:

1. config args, save_path, fix random seed

2. set the clean train data and clean test data

3. set the device, model, criterion, optimizer, training schedule.

4. set the backdoor warping

5. training with backdoor modification simultaneously

6. save attack result

attack = Wanet()
attack.attack()

Note

@inproceedings{ nguyen2021wanet, title={WaNet - Imperceptible Warping-based Backdoor Attack}, author={Tuan Anh Nguyen and Anh Tuan Tran}, booktitle={International Conference on Learning Representations}, year={2021}, url={https://openreview.net/forum?id=eEn8KTtJOx}}

Parameters:

• attack (string) – name of attack, use to match the transform and set the saving prefix of path.

• attack_target (Int) – target class No. in all2one attack

• attack_label_trans (str) – which type of label modification in backdoor attack

• pratio (float) – the poison rate in a batch

• bd_yaml_path (string) – path for yaml file provide additional default attributes

• cross_ratio (float) – the ratio of cross sample in a batch

• random_rotation (int) – the max degree of random rotation

• random_crop (int) – the max padding of random crop

• s (int) – the strenght of noise grid

• k (int) – the backdoor warpping size (k,k)

• grid_rescale (float) – the rescale size for backdoor warpping image values (for example [-1,1] -> [-0.5,0.5])

• **kwargs (optional) – Additional attributes.