Clean label backdoor attack scenario #949

Merged
merged 6 commits into from
Nov 19, 2020

@ng390 ng390 commented Nov 18, 2020

Fixes #950
Clean label backdoor attack scenario

  • Clean up docker build process / incorporate all builds into release script
  • Further testing with filtering defenses
    Separate issue:
    - Hyperparameter tuning so targeted attack success rate is higher.

Comment on lines +55 to +71
def poison_dataset(src_imgs, src_lbls, src, tgt, ds_size, attack, poisoned_indices):
# In this example, all images of "src" class have a trigger
# added and re-labeled as "tgt" class
poison_x = []
poison_y = []
for idx in range(ds_size):
if src_lbls[idx] == src and idx in poisoned_indices:
src_img = src_imgs[idx]
p_img, p_label = attack.poison(src_img, [tgt])
poison_x.append(p_img)
poison_y.append(p_label)
else:
poison_x.append(src_imgs[idx])
poison_y.append(src_lbls[idx])
poison_x, poison_y = np.array(poison_x), np.array(poison_y)

return poison_x, poison_y
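
Review bot: The comment at the top of poison_dataset says all images of the "src" class get a trigger and are re-labeled as "tgt", but the condition `if src_lbls[idx] == src and idx in poisoned_indices:` only poisons src-class images whose index is also in poisoned_indices, so the comment should be updated to match, and a docstring stating the expected types and shapes of the arguments would help. The `idx in poisoned_indices` test runs once per sample, so converting poisoned_indices to a set before the loop avoids a linear scan on every iteration when callers pass a list or array. ds_size duplicates information already carried by src_imgs; iterating over len(src_imgs), or checking that ds_size does not exceed it, would avoid an IndexError when the two disagree.
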
@ebubae ebubae Nov 18, 2020

Take note that for this attack, we are only poisoning images in the target class. The attack.poison method takes the entire dataset and selects the poisoned data within the dataset, and returns the newly poisoned data points.

Contributor Author

Understood. The poison_dataset wrapper is only used with the backdoor object of type PoisoningAttackBackdoor, not the PoisoningAttackCleanLabelBackdoor object.

Contributor Author

I.e. it is used at eval time, not to poison the training data.

@ng390 ng390 changed the title from "[WIP] Clean label backdoor attack scenario" to "Clean label backdoor attack scenario" Nov 19, 2020
@davidslater davidslater assigned ng390 and kmerchant31892 and unassigned ng390 Nov 19, 2020
@kmerchant31892 kmerchant31892 left a comment

LGTM

@kmerchant31892 kmerchant31892 merged commit 9c6c7bb into twosixlabs:master Nov 19, 2020
Successfully merging this pull request may close these issues.

Clean label poisoning