detection_pretrain.spectral

class spectral(args)[source]

Bases: defense

Spectral Signatures in Backdoor Attacks

basic sturcture for defense method:

1. basic setting: args

2. attack result(model, train data, test data)

3. Spectral defense:

   1. prepare the model and dataset

   2. get the activation as representation for each data

   3. detect the backdoor data by the SVD decomposition

4. Record TPR and FPR.

parser = argparse.ArgumentParser(description=sys.argv[0])
spectral.add_arguments(parser)
args = parser.parse_args()
spectral_method = spectral(args)
if "result_file" not in args.__dict__:
    args.result_file = 'defense_test_badnet'
elif args.result_file is None:
    args.result_file = 'defense_test_badnet'
result = spectral_method.detection(args.result_file)

Note

@article{tran2018spectral, title={Spectral signatures in backdoor attacks}, author={Tran, Brandon and Li, Jerry and Madry, Aleksander}, journal={Advances in neural information processing systems}, volume={31}, year={2018}}

Parameters:

• args (baisc) – in the base class

• target_layer (str) – which layer for detection

• clean_sample_num (int) – number of clean sample given

• percentile (float) – percentile that over this threshold will be regard as backdoor