hidden-trigger-backdoor-attack
An implementation of the hidden trigger backdoor attack introduced by Saha et al.
Note: This repo's content is based on the main repo of the paper which can be found here: https://github.com/UMBCvision/Hidden-Trigger-Backdoor-Attacks
├── {data_root} variable, a.k.a. {clean_data_root} (the "data" folder)
│ ├── train
│ │ ├── n0123
│ │ │ ├── n0123_3451.JPEG
│ │ │ ├── n0123_6769.JPEG
│ │ │ ├── n0123_4341.JPEG
│ │ ├── n0234
│ │ ├── n0345
│ ├── val
│ ├── test
│ ├── triggers
│ │ ├── trigger_10.png
│ │ ├── trigger_11.png
│ │ ├── ...
│ │ ├── trigger_19.png
│ ├── {exp_ID} (will be created)
│ │ ├── multi_source_filelist.txt (WBC)
│ │ │ ├── LINE 1: n0123/n0123_3401.JPEG
│ │ │ ├── LINE 2: n0234/n0234_6941.JPEG
│ │ ├── finetune_filelist.txt (WBC)
│ │ ├── test_filelist.txt (WBC)
│ │ ├── patched_filelist.txt (WBC)
│ │ ├── poison_filelist.txt (WBC)
├── ImageNet_data_list
│ ├── finetune
│ │ ├── n0123.txt
│ │ │ ├── LINE 1: n0123/n0123_3401.JPEG
│ │ ├── n0234.txt
│ │ │ ├── LINE 1: n0234/n0234_6981.JPEG
│ ├── poison_generation
│ │ ├── n0345.txt
│ ├── test
│ │ ├── n0345.txt
├── patched_data/{exp_ID}/rand_loc_false/eps_16/patch_size_30/trigger_10/
│ │ ├── patched_data/arman/rand_loc_True/eps_16/patch_size_30/trigger_10/badnet_n03461385_37_epoch_0000054.png
├── poison_data/{exp_ID}/rand_loc_false/eps_16/patch_size_30/trigger_10/
│ │ ├── poison_data/arman/rand_loc_True/eps_16/patch_size_30/trigger_10/loss_03395_epoch_01_n02437312_2125_n03461385_36144_kk_00168.png
-
data_root
: This is actually a string variable in the code showing the folder containing the real images of the ImageNet dataset.-
In my case, the
data_root
was/Users/armanmalekzadeh/Documents/GitHub/hidden-trigger-backdoor-attack/data
-
It contains three folders:
train
,val
, andtest
. -
Inside each folder, there are folders with names called
wnid
. Thewnid
is something liken0123
and represents a class of objects. For instance, a uniquewnid
is associated withchicken
, while another one representscat
. -
A string like
{data_root}/train/n0123/n0123_30.JPEG
is the path to a JPEG file of the classn0123
which should be used for thetraining
phase.
-
-
data/triggers
: A folder containing the triggers- Each trigger is a 80x80 RGB image formatted as
png
- Each trigger is a 80x80 RGB image formatted as
-
data/{exp_ID}/multi_source_filelist.txt
: A file containing relative paths to the source class images.- Each line of the file contains the relative path to an image belonging to a different source class.
- For instance, the first line could be
n0123/n0123_3401.JPEG
while the second could ben0234/n0234/6951.JPEG
.
- For instance, the first line could be
- Each line of the file contains the relative path to an image belonging to a different source class.
-
ImageNet_data_list
: A folder located in the root of the project containing some files showing the path to all images used fortraining
,testing
, andfinetuning
.- It contains three folders:
poison_generation
,test
, andfinetune
. - Each of these folders contain files like
n0123.txt
. - Inside a file like
n0123.txt
, we find the path to aJPEG
file at each line.- For instance:
n0123.txt
contains a line liken0123/n0123_4291.JPEG
.
- For instance:
- It contains three folders:
-
source_wnid_list.txt
: A file containing the source class IDs (remember, we wanted the images belonging to thesource
class to be classified as the ones belonging to thetarget
class).- We can consider multiple source classes (more than one class).
- Each source class ID should be written in one line of this file (
source_wnid_list.txt
). - Therefore, this file contains lines like this:
n0123
n0234
n0345