BackdoorBox is a Python toolbox for backdoor learning research. Specifically, BackdoorBox contains modules for conducting backdoor attacks and backdoor defenses.
This project is still under development, so there is no user manual yet. Please refer to the 'tests' sub-folder for examples of how to use our implemented methods.

- BadNets (Key Properties: poison-only, visible, poison-label, non-optimized, non-semantic, sample-agnostic, digital)
- Blended Attack (Key Properties: poison-only, invisible, poison-label, non-optimized, non-semantic, sample-agnostic, digital)
- Refool (simplified version) (Key Properties: poison-only, visible, poison-label, non-optimized, non-semantic, sample-specific, physical)
- WaNet (Key Properties: poison-only, invisible, poison-label, non-optimized, non-semantic, sample-specific, digital)
- Label-consistent Attack (Key Properties: poison-only, invisible, clean-label, non-optimized, non-semantic, sample-agnostic, digital)
- Blind Backdoor (blended-based) (Key Properties: training-controlled, invisible, poison-label, non-optimized, non-semantic, sample-agnostic, digital)
- Input-aware Dynamic Attack (Key Properties: training-controlled, visible, poison-label, optimized, non-semantic, sample-specific, digital)
- LIRA (Key Properties: training-controlled, invisible, poison-label, optimized, non-semantic, sample-specific, digital)
- TUAP (basic version)
- Physical Attack
- ISSBA
- SleeperAgent

| Organization | Contributors |
|---|---|
| Tsinghua University | Yiming Li, Mengxi Ya, Guanhao Gan, Kuofeng Gao, Xin Yan, Jia Xu, Yang Bai, Linghui Zhu |