SSL-Backdoor is an academic research library for backdoor attacks in self-supervised learning (SSL). Our goal is to provide a comprehensive and unified platform for researchers to implement, evaluate, and compare various attacks and defenses in the context of SSL.
✅ 2025-12-02 Update:
- SSL-Cleanse is now available! See paper: SSL-Cleanse: Trojan detection and mitigation in self-supervised learning
✅ 2025-08-11 Update:
- DRUPE attack is now implemented and available! See paper: Distribution Preserving Backdoor Attack in Self-supervised Learning
✅ 2025-05-19 Update:
- DEDE defense is now implemented and available!
✅ 2025-04-18 Update:
- PatchSearch defense is now implemented and available!
- BadEncoder attack is now implemented and available!
This library currently supports the following poisoning attack algorithms against SSL models:
| Aliase | Paper | Conference | Config |
|---|---|---|---|
| SSL-Backdoor | Backdoor attacks on self-supervised learning | CVPR 2022 | train config test config |
| BadEncoder | BadEncoder: Backdoor Attacks to Pre-trained Encoders in Self-Supervised Learning | S&P 2022 | config train config test config |
| CTRL | An Embarrassingly Simple Backdoor Attack on Self-supervised Learning | ICCV 2023 | |
| CorruptEncoder | Data poisoning based backdoor attacks to contrastive learning | CVPR 2024 | train config |
| BLTO (inference) | BACKDOOR CONTRASTIVE LEARNING VIA BI-LEVEL TRIGGER OPTIMIZATION | ICLR 2024 | |
| DRUPE | Distribution Preserving Backdoor Attack in Self-supervised Learning | S&P 2024 | config, train config, test config |
We are actively developing and integrating defense mechanisms. Currently, the following defense is implemented:
| Aliase | Paper | Conference | Config |
|---|---|---|---|
| PatchSearch | Defending Against Patch-Based Backdoor Attacks on Self-Supervised Learning | CVPR2023 | doc, config |
| SSL-Cleanse | SSL-Cleanse: Trojan detection and mitigation in self-supervised learning | ECCV2024 | config |
| DEDE | DeDe: Detecting Backdoor Samples for SSL Encoders via Decoders | CVPR2025 |
Get started with SSL-Backdoor quickly:
-
Clone the repository:
git clone https://github.com/jsrdcht/SSL-Backdoor.git cd SSL-Backdoor -
Environment (Pixi CUDA only):
# resolve/create the CUDA environment defined in pixi.toml pixi install -e cuda # quick check of core deps and CUDA availability pixi run -e cuda check # open an interactive shell in the CUDA env (optional) pixi shell -e cuda
To train an SSL model (e.g., using MoCo v2) with a chosen poisoning attack, you can use the provided scripts. Example for Distributed Data Parallel (DDP) training:
# Configure your desired attack, SSL method, dataset, etc. in the relevant config file
# (e.g., configs/ssl/moco_config.yaml, configs/poisoning/...)
bash tools/train.sh <path_to_your_config.yaml>Please refer to the configs directory and specific training scripts for detailed usage and parameter options.
@misc{jsrdcht_ssl_backdoor_2025,
title = {SSL-Backdoor: A PyTorch library for SSL backdoor research},
author = {jsrdcht},
year = {2025},
howpublished = {\url{https://github.com/jsrdcht/SSL-Backdoor/}},
note = {MIT License, accessed 2025-08-11}
}