NEEDLE: Towards Non-invertible Backdoor Attack to Deep Learning Models

Oct 13, 2021 1 min read

NEEDLE

This is the repository for paper NEEDLE: Towards Non-invertible Backdoor Attack to Deep Learning Models.
See the paper in arxiv (Coming soon…).

Dependences

The code is run on: Python3.6, tensorflow=1.13.1, keras=2.2.4, numpy, scikit-learn, opencv-python.

How to use this repository

We provide codes on CIFAR-10 dataset.
We provide several partitioning methods:

K-means
(Coming soon…) GMM
(Coming soon…) Color classifier
(Coming soon…) Sub-labeling

And trigger patterns:

Color patches
(Coming soon…) Logos

Prepare

Create checkpoint folder: ./checkpoints.
Download color classifier from Keras-Color-Classifier into ./checkpoints.

Train a feature encoder

Train a feature encoder: python TrainEncoder.py.

Perform NEEDLE

Typing in python NEEDLE.py to inject the backdoor.
Parameters about partitioning secrets are listed in the top of this file. Create your own backdoor!
Customize your partitioning algorithm using Trigger focusing in TriggerFocus.py.
Customize your trigger patterns by modifying TriggerPattern.py.

GitHub

John was the first writer to have joined pythonawesome.com. He has since then inculcated very effective writing and reviewing culture at pythonawesome which rivals have found impossible to imitate.

NEEDLE: Towards Non-invertible Backdoor Attack to Deep Learning Models

NEEDLE

Dependences