MCPcopy Index your code
hub / github.com/VinAIResearch/Warping-based_Backdoor_Attack-release

github.com/VinAIResearch/Warping-based_Backdoor_Attack-release @main

Chat with this repo
repository ↗ · DeepWiki ↗ · + Follow
285 symbols 644 edges 34 files 11 documented · 4% updated 20mo ago★ 1393 open issues
What it actually does AI analysis from the code graph — generated when you open this
loading…
README
Table of contents
  1. Introduction
  2. Requirements
  3. Training
  4. Evaluation

WaNet - Imperceptible Warping-based Backdoor Attack

Wanet is a brand-new backdoor attack method that relies on distorting the global structure of images to craft backdoor samples, instead of patching or water-marking images as previous backdoor attack approaches.

This is an official implementation of the ICLR 2021 Paper WaNet - Imperceptible Warping-based Backdoor Attack in Pytorch. This repository includes: - Training and evaluation code. - Defense experiments used in the paper. - Pretrained checkpoints used in the paper.

If you find this repo useful for your research, please consider citing our paper

@inproceedings{
nguyen2021wanet,
title={WaNet - Imperceptible Warping-based Backdoor Attack},
author={Tuan Anh Nguyen and Anh Tuan Tran},
booktitle={International Conference on Learning Representations},
year={2021},
url={https://openreview.net/forum?id=eEn8KTtJOx}
}

Requirements

  • Install required python packages:
$ python -m pip install -r requirements.py
  • Download and re-organize GTSRB dataset from its official website:
$ bash gtsrb_download.sh

Training

Run command

$ python train.py --dataset <datasetName> --attack_mode <attackMode>

where the parameters are the following: - <datasetName>: mnist | cifar10 | gtsrb | celeba. - <attackMode>: all2one (single-target attack) or all2all (multi-target attack)`

The trained checkpoints should be saved at the path checkpoints\<datasetName>\<datasetName>_<attackMode>_morph.pth.tar.

Pretrained models

We also provide pretrained checkpoints used in the original paper. The checkpoints could be found at here. Just download and decompress it in this project's repo for evaluating.

Evaluation

For evaluating trained models, run command

$ python eval.py --dataset <datasetName> --attack_mode <attackMode>

This command will print the model accuracies on three tests: clean, attack, noise test. The clean and attack accuracies should be the same as reported in our paper, while noise one maybe slightly different due to random nosie generating.

Results

Dataset Clean test Attack test Noise test
MNIST 99.52 99.86 98.20
CIFAR-10 94.15 99.55 93.55
GTSRB 98.87 99.33 98.01
CelebA 78.99 99.33 76.74

Defense experiments

Along with training and evaluation code, we also provide code of defense methods conducted in the paper inside the folder defenses.

  • Fine-pruning We have separate code for different datasets due to network architecture differences. The results should be written in <datasetName>_<attackMode>_output.txt.
$ cd defenses/fine_pruning
$ python fine-pruning-mnist.py --dataset mnist --attack_mode <attackMode> 
$ python fine-pruning-cifar10-gtsrb.py --dataset cifar10 --attack_mode <attackMode> 
$ python fine-pruning-cifar10-gtsrb.py --dataset gtsrb --attack_mode <attackMode> 
$ python fine-pruning-celeba.py --dataset celeba --attack_mode <attackMode> 
  • Neural Cleanse Run the command
$ cd defenses/neural_cleanse
$ python neural_cleanse.py --dataset <datasetName> --attack_mode <attackMode>

The result will be printed on screen and logged in results folder. Note that NeuralCleanse is unstable, and the computed Anomaly Index may vary over different runs.

  • STRIP Run the command
$ cd defenses/STRIP
$ python STRIP.py --dataset <datasetName> --attack_mode <attackMode>

The result will be printed on screen, and all entropy values are logged in results folder.

Contacts

If you have any questions, drop an email to v.anhtt152@vinai.io , v.anhnt479@vinai.io or leave a message below with GitHub (log-in is needed).

Core symbols most depended-on inside this repo

progress_bar
called by 13
utils/utils.py
get_dataloader
called by 8
utils/dataloader.py
PreActResNet18
called by 8
classifier_models/preact_resnet.py
ResNet18
called by 6
classifier_models/resnet.py
get_raw_mask
called by 4
defenses/neural_cleanse/detecting.py
get_raw_pattern
called by 4
defenses/neural_cleanse/detecting.py
_make_layer
called by 4
classifier_models/senet.py
_make_layer
called by 4
classifier_models/dpn.py

Shape

Method 148
Function 79
Class 58

Languages

Python100%

Modules by API surface

utils/dataloader.py23 symbols
networks/models.py20 symbols
defenses/STRIP/STRIP.py18 symbols
classifier_models/shufflenetv2.py17 symbols
classifier_models/pnasnet.py17 symbols
classifier_models/resnet.py16 symbols
classifier_models/preact_resnet.py16 symbols
classifier_models/densenet.py16 symbols
defenses/neural_cleanse/detecting.py14 symbols
classifier_models/shufflenet.py13 symbols
networks/blocks.py12 symbols
classifier_models/senet.py12 symbols

For agents

$ claude mcp add Warping-based_Backdoor_Attack-release \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact

Ask about this repo answers extend the page