defense.ac
- class ac(parser)
Bases: defense
Detecting Backdoor Attacks on Deep Neural Networks by Activation Clustering
Basic structure:
1. Config args, save_path, fix random seed
2. Load the backdoor attack data and backdoor test data
3. AC defense:
   - Classify data by activation results
   - Identify backdoor data according to classification results
   - Retrain the model with filtered data
4. Test the result and get ASR, ACC, RC
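    import argparse
    import sys

    from defense.ac import ac

    # Build the argument parser and let the defense register its own options.
    parser = argparse.ArgumentParser(description=sys.argv[0])
    ac.add_arguments(parser)
    args = parser.parse_args()
    ac_method = ac(args)

    # Fall back to the default attack result folder when none is given.
    if "result_file" not in args.__dict__:
        args.result_file = 'one_epochs_debug_badnet_attack'
    elif args.result_file is None:
        args.result_file = 'one_epochs_debug_badnet_attack'

    # Run the defense on the saved attack result.
    result = ac_method.defense(args.result_file)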
Note
    @article{chen2018detecting,
      title={Detecting backdoor attacks on deep neural networks by activation clustering},
      author={Chen, Bryant and Carvalho, Wilka and Baracaldo, Nathalie and Ludwig, Heiko and Edwards, Benjamin and Lee, Taesung and Molloy, Ian and Srivastava, Biplav},
      journal={arXiv preprint arXiv:1811.03728},
      year={2018}
    }
- Parameters:
args (basic) – in the base class
nb_dims (int) – number of dimensions to reduce activation to by PCA.
nb_clusters (int) – number of clusters (defaults to 2 for poison/clean).
cluster_analysis (str) – the method of cluster analysis (smaller, relative-size, distance, silhouette-scores)
cluster_batch_size (int) – the batch size of cluster analysis
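The "classify by activation" and "identify backdoor data" steps, shown for a single class as an added example (not this project's implementation): activations are reduced with PCA to nb_dims, split into nb_clusters, and the smallest cluster is flagged when it holds a small share of the class. The function names, the farthest-point k-means initialisation, the 0.35 size threshold and the activation matrix are assumptions constructed for the illustration.

```python
import numpy as np

def reduce_pca(acts, nb_dims):
    """Center the activations and project onto the top nb_dims principal axes."""
    centered = acts - acts.mean(axis=0)
    _, _, vt = np.linalg.svd(centered, full_matrices=False)
    return centered @ vt[:nb_dims].T

def kmeans(x, nb_clusters, iters=100):
    """Lloyd's k-means with deterministic farthest-point initialisation."""
    centers = [x[np.linalg.norm(x - x.mean(axis=0), axis=1).argmax()]]
    while len(centers) < nb_clusters:
        dist = np.min([np.linalg.norm(x - c, axis=1) for c in centers], axis=0)
        centers.append(x[dist.argmax()])
    centers = np.array(centers)
    for _ in range(iters):
        labels = np.linalg.norm(x[:, None] - centers[None], axis=2).argmin(axis=1)
        new = np.array([x[labels == k].mean(axis=0) if np.any(labels == k)
                        else centers[k] for k in range(nb_clusters)])
        if np.allclose(new, centers):
            break
        centers = new
    return labels

def flag_class(acts, nb_dims=10, nb_clusters=2, size_threshold=0.35):
    """Cluster one class's activations; flag its smallest cluster if it is
    a small enough share of the class (size_threshold is an assumed value)."""
    labels = kmeans(reduce_pca(acts, nb_dims), nb_clusters)
    sizes = np.bincount(labels, minlength=nb_clusters)
    small = sizes.argmin()
    share = sizes[small] / len(acts)
    flagged = (labels == small) if share < size_threshold else np.zeros(len(acts), bool)
    return flagged, share

def constructed_activations(n_clean=180, n_poison=20, dim=64, seed=1):
    """Constructed stand-in for one class's last-hidden-layer activations:
    the poisoned rows (the last n_poison) carry a shift in the first 8 units."""
    rng = np.random.default_rng(seed)
    acts = rng.normal(size=(n_clean + n_poison, dim))
    acts[n_clean:, :8] += 4.0
    return acts

if __name__ == "__main__":
    flagged, share = flag_class(constructed_activations())
    print(f"smallest cluster share: {share:.2f}, flagged rows: {np.flatnonzero(flagged)}")
```

In the full defense the flagged rows are the samples dropped before retraining; a class whose two clusters are of comparable size is left untouched by the threshold.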