This is the documentation of the TensorFlow/Keras implementation of Latent Backdoor Attacks. For details, please see the paper: Latent Backdoor Attacks on Deep Neural Networks, CCS'19. Please find our official website for this project here.
- keras==2.3.1
- numpy==1.16.4
- tensorflow-gpu==1.14.0
- h5py==2.10.0
The code has been tested on Python 3.7.
Click here (890MB) to download example dataset and model.
- latent_utils.py: Utility functions.
- pattern_gen.py: Trigger optimization utility functions.
- vggface_pubfig_attack.py: Example script to perform attack.
- data/: Directory to store data.
  - data.txt: Put PubFig dataset in h5 format here, excluded because of GitHub file size limit.
- models/: Directory to store models.
  - model.txt: Put VGG-Face model in h5 format here, excluded because of GitHub file size limit.
The following script shows an example of attacking a VGG-Face Teacher model and then, through transfer learning, infecting a Student model trained on the PubFig dataset.
python vggface_pubfig_attack.py
The script does the following:
- Alter Teacher model to include target class
- Retrain Teacher model
- Generate optimized latent backdoor trigger
- Train latent backdoor into Teacher model
- Transfer learning: build a Student model from the infected Teacher model
- Train Student model on clean Student data
- Test attack success rate on the Student model
Click here (706MB) to download a copy of the infected Student model produced by the script.
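The metric in the last step can be measured on any Student model to check whether it inherited a backdoor from its Teacher. The following is an added example, not code from this repository: the function names, the pattern-plus-mask trigger format, and the stand-in classifier and data are assumptions constructed for illustration.

```python
import numpy as np

def stamp_trigger(images, pattern, mask):
    """Blend `pattern` into `images` wherever `mask` is 1 (assumed trigger format)."""
    return images * (1.0 - mask) + pattern * mask

def clean_accuracy(predict, images, labels):
    """Fraction of unmodified inputs classified correctly."""
    return float(np.mean(predict(images) == labels))

def attack_success_rate(predict, images, labels, pattern, mask, target):
    """Fraction of non-target inputs classified as `target` once the trigger is stamped."""
    keep = labels != target  # target-class inputs would count as hits even on a clean model
    if not keep.any():
        raise ValueError("no non-target samples to evaluate")
    triggered = stamp_trigger(images[keep], pattern, mask)
    return float(np.mean(predict(triggered) == target))

def make_demo(infected):
    """Constructed data and a stand-in classifier; not the PubFig data or VGG-Face model."""
    rng = np.random.RandomState(0)
    labels = np.arange(40) % 4                      # classes 0..3; class 3 plays the target
    images = rng.uniform(0.0, 0.5, size=(40, 8, 8, 1))
    images[:, 0, 0, 0] = labels / 10.0              # pixel (0, 0) encodes the true class
    mask = np.zeros((8, 8, 1))
    mask[-2:, -2:, :] = 1.0                         # 2x2 trigger in the bottom-right corner
    pattern = np.ones((8, 8, 1))

    def predict(x):
        clean = np.rint(x[:, 0, 0, 0] * 10).astype(int)
        fired = x[:, -2:, -2:, :].mean(axis=(1, 2, 3)) > 0.9
        return np.where(fired, 3, clean) if infected else clean

    return predict, images, labels, pattern, mask

if __name__ == "__main__":
    for infected in (False, True):
        predict, x, y, pattern, mask = make_demo(infected)
        print("infected" if infected else "clean",
              "accuracy:", clean_accuracy(predict, x, y),
              "attack success:", attack_success_rate(predict, x, y, pattern, mask, target=3))
```

For a real Keras model, `predict` can be a wrapper such as `lambda x: model.predict(x).argmax(axis=1)`. Both models score the same clean accuracy here, which is why clean test accuracy alone does not reveal the backdoor.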
Please cite the paper as follows:
@inproceedings{yao2019latent,
title={Latent Backdoor Attacks on Deep Neural Networks},
author={Yao, Yuanshun and Li, Huiying and Zheng, Haitao and Zhao, Ben Y},
booktitle={Proc. of CCS},
year={2019},
}
Huiying Li (huiyingli@uchicago.edu)
Kevin Yao (ysyao@cs.uchicago.edu)