Backdoor Attack through Frequency Domain

DEPENDENCIES

python==3.8.3
numpy==1.19.4
tensorflow==2.4.0
opencv==4.5.1
idx2numpy==1.2.3
pytorch==1.7.0

We provide CIFAR10 frequency attack version. GTSRB, ImageNet, and PubFig can be easily modified by this project.

You can modify the param dict in the train.py file, and the th_train.py file to train your own backdoored model.

There are 6 parameters as follows:

dataset: CIFAR10
target_label: The target label to backdoor. Default: 8
poisoning_rate: The rate of poisoning sample. A float number ranging (0,1)
channel_list: Which channels to implant backdoor, [1,2] means UV, [0,1,2] means YUV.
magnitude: The magnitude of the trigger. There are two ways to implant the trigger, first is to add a fix value onto one frequency. Second is to set one frequency to a fix value. The effectiveness of the two ways are same.
YUV: True, YUV Channel, False, RGB Channel
pos_list: the position of the trigger in the frequency map

Tensorflow2.0:

python train.py

Pytorch:

python th_train.py

Name		Name	Last commit message	Last commit date
Latest commit History 1 Commit
.gitignore		.gitignore
data.py		data.py
image.py		image.py
model.py		model.py
readme.md		readme.md
th_train.py		th_train.py
train.py		train.py