Feature/dynamic backdoor gan #2725
Conversation
Hi @prachi0606, Thank you for your pull request. Could you please reset your branch to only contain your original commits (I think up to commit 8adcb60)? Your recent force-push seemed to have signed more recent commits from branch
Thanks for the pointer, I’ve reset the branch to 8adcb60 so it only includes my original commits.
Great. Did you also push the resetting to your remote branch? I'm asking because the commits are still there. (You can see them above as the commits that have two user icons as owners.) The reason why I'm asking is that it is easier to fix it before you are adding more of your own commits after the doubly signed commits.
Implements a GAN-based dynamic backdoor attack that generates input-specific perturbations as triggers. The attack supports CIFAR-10 and MNIST datasets and has been tested with ResNet18, ResNet50, MobileNetV2 and DenseNet121. Both the trigger generator and the poisoning logic are wrapped in ART-compatible format. Signed-off-by: Prachi Panwar <[email protected]>
Added import for DynamicBackdoorGAN in `art.attacks.poisoning.__init__.py` to expose the attack via: from art.attacks.poisoning import DynamicBackdoorGAN This ensures that the new dynamic backdoor poisoning attack is accessible at the package level and consistent with other ART poisoning attacks. Signed-off-by: Prachi Panwar <[email protected]>
This commit introduces an example notebook demonstrating the use of the DynamicBackdoorGAN poisoning attack. The notebook covers:
- Dataset loading (CIFAR-10 or MNIST)
- ART PyTorchClassifier setup
- Clean training and evaluation
- Poisoned training using dynamic triggers
- Accuracy and Attack Success Rate (ASR) metrics
This notebook complements the new poisoning attack class added under `art.attacks.poisoning.dynamic_backdoor_gan`. Signed-off-by: Prachi Panwar <[email protected]>
Thanks! I rebuilt the branch from upstream/main and cherry-picked only my three commits (cf7a6bb, e9560bb, 8adcb60). The extra “bump/upgrade” commits are gone, and all commits are DCO-signed.
Signed-off-by: Prachi Panwar <[email protected]>
Description
This PR adds a new poisoning attack to ART: DynamicBackdoorGAN, which generates dynamic, input-specific backdoor triggers using a lightweight CNN generator. Unlike static patch-based attacks, this approach produces adaptive perturbations tailored to each input, making the attack more stealthy and powerful.
Motivation: To introduce a more realistic and effective backdoor attack strategy aligned with recent research into dynamic triggers using GAN-like architectures.
Fixes: N/A (New feature, no associated GitHub issue)
Testing
The implementation was verified locally by training multiple model classifiers (ResNet18, ResNet50, MobileNetV2, DenseNet121) on the CIFAR-10 and MNIST datasets using:
A minimal unit test was added under tests/attacks/poisoning/backdoor/ to validate:
Test Configuration: