A universal PyTorch platform for conducting security research
Project description
TrojanZoo
This is the code implementation (PyTorch) for our paper:
TROJANZOO: Everything you ever wanted to know about neural backdoors (but were afraid to ask)
TrojanZoo provides a universal PyTorch platform for conducting security research (especially backdoor attacks/defenses) on image classification in deep learning. It is composed of two packages: trojanzoo and trojanvision. trojanzoo contains abstract classes and utilities, while trojanvision contains abstract and concrete ones for the image classification task.
Dataset List
Model List
Attack List
Defense List
Note: This repository is also maintained to cover the implementation of our KDD 2020 paper AdvMind: Inferring Adversary Intent of Black-Box Attacks and CCS 2020 paper A Tale of Evil Twins: Adversarial Inputs versus Poisoned Models.
Features
- Colorful and verbose output!
  Note: enable with --color for color and --verbose for verbose.
  To open an interactive window with color, use python - --color
- Modular design (plug and play)
- Good code linting support (this package requires python>=3.9)
- Register your own module to the library.
- Native PyTorch Output
  trojanzoo and trojanvision provide APIs to generate raw PyTorch instances, which makes it flexible to work with native PyTorch and other 3rd party libraries.
  trojanzoo.datasets.DataSet can generate torch.utils.data.Dataset and torch.utils.data.DataLoader
  trojanzoo.models.Model attribute _model is torch.nn.Module, attribute model is torch.nn.DataParallel
  Specifically, trojanvision.datasets.ImageSet can generate torchvision.datasets.VisionDataset, trojanvision.datasets.ImageFolder can generate torchvision.datasets.ImageFolder
- Enable PyTorch native AMP (Automatic Mixed Precision) with --amp for training
- Flexible Configuration Files
- Good help information to check arguments. (-h or --help)
- Detailed and well-organized summary() for each module.
Quick Start
Note: The program won't save results without --save
- Train a model:
  e.g. ResNetComp18 on CIFAR10 with 95% Acc
  python train.py --verbose 1 --amp --dataset cifar10 --model resnetcomp18 --epoch 300 --lr 0.1 --lr_scheduler --lr_decay_step 100 --save
- Test backdoor attack (e.g., BadNet):
  e.g. BadNet with ResNetComp18 on CIFAR10
  python backdoor_attack.py --verbose 1 --pretrain --validate_interval 1 --amp --dataset cifar10 --model resnetcomp18 --attack badnet --random_init --epoch 50 --lr 0.01 --save
- Test backdoor defense (e.g., Neural Cleanse):
  e.g. Neural Cleanse against BadNet
  python backdoor_attack.py --verbose 1 --pretrain --validate_interval 1 --dataset cifar10 --model resnetcomp18 --attack badnet --defense neural_cleanse --random_init --epoch 50 --lr 0.01
IMC
  python backdoor_attack.py --verbose --pretrain --validate_interval 1 --amp --dataset cifar10 --model resnetcomp18 --attack imc --random_init --epoch 50 --lr 0.01 --save
AdvMind (with attack adaptive and model adaptive)
  python adv_defense.py --verbose --pretrain --validate_interval 1 --dataset cifar10 --model resnetcomp18 --attack pgd --defense advmind --attack_adapt --defense_adapt
Detailed Usage
Configuration file structure
All arguments in the parser can be given default values in configuration files.
If argument values are not set in the config files, we will use the default values of __init__()
Parameters Config: (in ascending order of priority)
The higher priority config will override lower priority ones.
Within each priority channel, trojanvision configs will overwrite trojanzoo
- Package Default: /trojanzoo/configs/, /trojanvision/configs/
  These are package default settings. Please don't modify them.
  You can use this as a template to set other configs.
- User Default: Not decided yet.
  (Enable it in the code trojanzoo/configs/__init__.py, trojanvision/configs/__init__.py)
- Workspace Default: /configs/trojanzoo/, /configs/trojanvision/
- Custom Config: --config [config location]
- CMD parameters: --[parameter] [value]
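An added example (not TrojanZoo's own code) that resolves parameters through the layers listed above and records which layer supplied each value, which is useful when an experiment's result directory or learning rate is not the one expected. The resolve function, the layer dictionaries and every sample value are assumptions made for illustration.

```python
"""Added illustration of the layered config precedence described above.
Not TrojanZoo's code: layer names follow the README, all values are constructed."""
from typing import Any

# Channels in ascending priority; within a channel trojanzoo is applied
# first so that trojanvision overwrites it.
CHANNELS = ["package", "user", "workspace", "custom"]
PACKAGES = ["trojanzoo", "trojanvision"]


def resolve(layers: dict[str, dict[str, dict[str, Any]]],
            cmd: dict[str, Any]) -> dict[str, tuple[Any, str]]:
    """Return {parameter: (effective value, layer that supplied it)}."""
    effective: dict[str, tuple[Any, str]] = {}
    for channel in CHANNELS:
        for package in PACKAGES:
            for key, value in layers.get(channel, {}).get(package, {}).items():
                effective[key] = (value, f"{channel}/{package}")
    # Command-line parameters have the highest priority, but an option the
    # user did not pass (None) must not mask a configured value.
    for key, value in cmd.items():
        if value is not None:
            effective[key] = (value, "cmd")
    return effective


# Constructed sample layers (hypothetical values, not the shipped defaults).
SAMPLE_LAYERS = {
    "package": {
        "trojanzoo": {"data_dir": "./data/data", "epoch": 10, "lr": 0.1},
        "trojanvision": {"epoch": 50},
    },
    "workspace": {
        "trojanzoo": {"lr": 0.05, "model_dir": "/srv/zoo/model"},
        "trojanvision": {"model_dir": "./data/model"},
    },
    "custom": {"trojanvision": {"lr": 0.01}},
}
SAMPLE_CMD = {"epoch": 300, "lr": None, "data_dir": None}

if __name__ == "__main__":
    for name, (value, origin) in sorted(resolve(SAMPLE_LAYERS, SAMPLE_CMD).items()):
        print(f"{name:10} = {value!r:18} from {origin}")
```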
Store path of Dataset, Model, Attack & Defense Results
Modify them in corresponding config files and command-line arguments.
Dataset: --data_dir (./data/data)
Model: --model_dir (./data/model)
Attack: --attack_dir (./data/attack)
Defense: --defense_dir (./data/defense)
Output Verbose Information:
- CMD modules: --verbose
- Colorful output: --color
- tqdm progress bar: --tqdm
- Check command-line argument usage: --help
- AdvMind verbose information: --output [number]
Use your DIY Dataset/Model/Attack/Defense
- Follow our example to write your DIY class. (CIFAR10, ResNet, IMC, Neural Cleanse)
  It's necessary to subclass our base class. (Dataset, Model, Attack, Defense)
  Optional base classes depending on your use case: (ImageSet, ImageFolder, ImageModel)
- Register your DIY class in trojanvision
  Example: trojanvision.attacks.class_dict[attack_name] = AttackClass
- Create your config files if necessary.
  No need to modify any code. Just directly add {attack_name}.yml (.json) in the config directory.
- Good to go!
Todo List
- Github Actions
- Github Pages
- Pypi package release
- Docker Hub publish
- Sphinx Docs
- Unit test
License
TrojanZoo has a GPL-style license, as found in the LICENSE file.
Cite our paper
@InProceedings{pang2020trojanzoo,
title={TROJANZOO: Everything you ever wanted to know about neural backdoors (but were afraid to ask)},
author={Ren Pang and Zheng Zhang and Xiangshan Gao and Zhaohan Xi and Shouling Ji and Peng Cheng and Ting Wang},
year={2020},
booktitle={arXiv Preprint},
}
File details
Details for the file trojanzoo-1.0.0.tar.gz.
File metadata
- Download URL: trojanzoo-1.0.0.tar.gz
- Upload date:
- Size: 3.7 MB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.3.0 pkginfo/1.6.1 requests/2.25.1 setuptools/51.0.0 requests-toolbelt/0.9.1 tqdm/4.54.1 CPython/3.9.1
File hashes
Algorithm | Hash digest
---|---
SHA256 | 98aec3a217a824505804b9fdad6b3fca076fa3a575cb2d09dda1f2776f4fea6c
MD5 | 9ed5538def1335efa8776e1d1b77e3e6
BLAKE2b-256 | 624f3e63fe33e795c386a62e48332c5f7ac68b8ae47713d9cbd40b9fedd598e5
File details
Details for the file trojanzoo-1.0.0-py3-none-any.whl.
File metadata
- Download URL: trojanzoo-1.0.0-py3-none-any.whl
- Upload date:
- Size: 3.8 MB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.3.0 pkginfo/1.6.1 requests/2.25.1 setuptools/51.0.0 requests-toolbelt/0.9.1 tqdm/4.54.1 CPython/3.9.1
File hashes
Algorithm | Hash digest
---|---
SHA256 | d21655e4bcf7ab23306d428abe4ec8cbb5be1affd1216dffb9d74bac96e5d2cf
MD5 | 549da930c1586acf51409f818c8c2ccf
BLAKE2b-256 | 10037340284dd70fa1ff3f92e2b56caec5d174939e63ab06212a0035f47036a4