Skip to content

defense_injection

Directory actions

More options

Directory actions

More options

Latest commit

 

History

History
 
 

defense_injection

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
README.md
README.md
 
 
attack_linf.py
attack_linf.py
 
 
attack_linf_torch.py
attack_linf_torch.py
 
 
model.py
model.py
 
 
task_definition.py
task_definition.py
 
 

README.md

Injecting backdoor signatures

Inject backdoors into a model so that adversarial examples can be detected by looking for the fingerprints of a backdoor.

Defense Idea

Training

Objectives

Our best attack results are as follows, when evaluated on the first 100 images in the CIFAR-10 test set using the provided pretrained model..

  • l_infinity distortion of 4/255: TODO attack success rate
  • l_2 distortion of TODO: TODO attack success rate

References

Defenses

This bit-depth quantization idea has been published many times in the past. The earliest paper which proposed (something like) it is TODO.

Attacks

TODO