### Installation Guide Source: https://github.com/thunlp/openbackdoor/blob/main/README.md Instructions on how to install the OpenBackdoor toolkit using Git. ```APIDOC ## Installation You can install OpenBackdoor through Git ### Git ```bash git clone https://github.com/thunlp/OpenBackdoor.git cd OpenBackdoor python setup.py install ``` ``` -------------------------------- ### Install OpenBackdoor using Git Source: https://github.com/thunlp/openbackdoor/blob/main/README.md Instructions for installing the OpenBackdoor toolkit by cloning the repository and running the setup script. This is the primary method for obtaining the toolkit. ```bash git clone https://github.com/thunlp/OpenBackdoor.git cd OpenBackdoor python setup.py install ``` -------------------------------- ### Full Attack and Defense Pipeline Example Source: https://context7.com/thunlp/openbackdoor/llms.txt Demonstrates a complete workflow for textual backdoor attacks and defenses. It includes loading models, attackers, defenders, datasets, performing attacks with and without defense, and evaluating the results. ```python import openbackdoor as ob from openbackdoor.data import load_dataset from openbackdoor.victims import load_victim from openbackdoor.attackers import load_attacker from openbackdoor.defenders import load_defender from openbackdoor.utils import set_seed # Set random seed for reproducibility set_seed(42) # Load victim model victim = load_victim({ "type": "plm", "model": "bert", "path": "bert-base-uncased", "num_classes": 2, "device": "gpu" }) # Load attacker with syntactic trigger attacker = load_attacker({ "name": "base", "metrics": ["accuracy"], "train": {"name": "base", "epochs": 2, "batch_size": 32, "lr": 2e-5}, "poisoner": { "name": "badnets", "poison_rate": 0.1, "target_label": 1, "triggers": ["cf"] } }) # Load ONION defender defender = load_defender({ "name": "onion", "pre": True, "correction": True }) # Load datasets poison_dataset = load_dataset(name="sst-2") target_dataset = load_dataset(name="sst-2") # Attack without defense print("=== Attack without defense ===") backdoored_model_no_defense = attacker.attack(victim, poison_dataset) results_no_defense = attacker.eval(backdoored_model_no_defense, target_dataset) print(f"CACC: {results_no_defense['test-clean']['accuracy']:.4f}") print(f"ASR: {results_no_defense['test-poison']['accuracy']:.4f}") # Reset victim victim = load_victim({ "type": "plm", "model": "bert", "path": "bert-base-uncased", "num_classes": 2, "device": "gpu" }) # Attack with ONION defense print("\n=== Attack with ONION defense ===") backdoored_model_defended = attacker.attack(victim, poison_dataset, defender=defender) results_defended = attacker.eval(backdoored_model_defended, target_dataset, defender=defender) print(f"CACC: {results_defended['test-clean']['accuracy']:.4f}") print(f"ASR: {results_defended['test-poison']['accuracy']:.4f}") ``` -------------------------------- ### Configuration File Usage Source: https://github.com/thunlp/openbackdoor/blob/main/README.md Example of how to run OpenBackdoor using a configuration file, allowing customization of datasets, models, and hyperparameters. ```APIDOC ### Play with configs OpenBackdoor supports specifying configurations using `.json` files. We provide example config files in `configs`. To use a config file, just run the code ```bash python demo_attack.py --config_path configs/base_config.json ``` You can modify the config file to change datasets/models/attackers/defenders and any hyperparameters. ``` -------------------------------- ### Defense Example Source: https://github.com/thunlp/openbackdoor/blob/main/README.md Python code demonstrating how to defend against a backdoor attack using BERT on SST-2 with the ONION defender. ```APIDOC ## Defense ```python # Defend BadNet attack BERT on SST-2 with ONION import openbackdoor as ob from openbackdoor import load_dataset # choose BERT as victim model victim = ob.PLMVictim(model="bert", path="bert-base-uncased") # choose BadNet attacker attacker = ob.Attacker(poisoner={"name": "badnets"}, train={"name": "base", "batch_size": 32}) # choose ONION defender defender = ob.defenders.ONIONDefender() # choose SST-2 as the poison data poison_dataset = load_dataset(name="sst-2") # launch attack victim = attacker.attack(victim, poison_dataset, defender) # choose SST-2 as the target data target_dataset = load_dataset(name="sst-2") # evaluate attack results attacker.eval(victim, target_dataset, defender) ``` ``` -------------------------------- ### Dataset Download Source: https://github.com/thunlp/openbackdoor/blob/main/README.md Example of how to download datasets for specific tasks, such as sentiment analysis. ```APIDOC ## Download Datasets OpenBackdoor supports multiple tasks and datasets. You can download the datasets for each task with bash scripts. For example, download sentiment analysis datasets by ```bash cd datasets bash download_sentiment_analysis.sh cd .. ``` ``` -------------------------------- ### Attack Example Source: https://github.com/thunlp/openbackdoor/blob/main/README.md Python code demonstrating how to launch a textual backdoor attack using BERT on the SST-2 dataset with the BadNet attacker. ```APIDOC ## Attack ```python # Attack BERT on SST-2 with BadNet import openbackdoor as ob from openbackdoor import load_dataset # choose BERT as victim model victim = ob.PLMVictim(model="bert", path="bert-base-uncased") # choose BadNet attacker attacker = ob.Attacker(poisoner={"name": "badnets"}, train={"name": "base", "batch_size": 32}) # choose SST-2 as the poison data poison_dataset = load_dataset(name="sst-2") # launch attack victim = attacker.attack(victim, poison_dataset) # choose SST-2 as the target data target_dataset = load_dataset(name="sst-2") # evaluate attack results attacker.eval(victim, target_dataset) ``` ``` -------------------------------- ### Defend Against Textual Backdoor Attacks with OpenBackdoor (Python) Source: https://github.com/thunlp/openbackdoor/blob/main/README.md Python code illustrating how to defend against textual backdoor attacks using OpenBackdoor. This example uses BERT as the victim model, BadNet as the attack, and ONION as the defense mechanism on the SST-2 dataset. ```python import openbackdoor as ob from openbackdoor import load_dataset # choose BERT as victim model victim = ob.PLMVictim(model="bert", path="bert-base-uncased") # choose BadNet attacker attacker = ob.Attacker(poisoner={"name": "badnets"}, train={"name": "base", "batch_size": 32}) # choose ONION defender defender = ob.defenders.ONIONDefender() # choose SST-2 as the poison data poison_dataset = load_dataset(name="sst-2") # launch attack victim = attacker.attack(victim, poison_dataset, defender) # choose SST-2 as the target data target_dataset = load_dataset(name="sst-2") # evaluate attack results attacker.eval(victim, target_dataset, defender) ``` -------------------------------- ### Load Components from Configuration Source: https://context7.com/thunlp/openbackdoor/llms.txt Demonstrates how to instantiate attackers, defenders, and victim models using configuration dictionaries, facilitating reproducible experiments. ```python from openbackdoor.attackers import load_attacker from openbackdoor.defenders import load_defender from openbackdoor.victims import load_victim # Load attacker attacker = load_attacker({"name": "base", "metrics": ["accuracy"]}) # Load defender defender = load_defender({"name": "onion", "pre": True}) # Load victim victim = load_victim({"type": "plm", "model": "bert", "path": "bert-base-uncased"}) ``` -------------------------------- ### Experiment Configuration and Execution Source: https://context7.com/thunlp/openbackdoor/llms.txt Shows a sample JSON configuration for an experiment and the corresponding command to execute it via the CLI. ```json { "victim": {"type": "plm", "model": "bert"}, "attacker": {"name": "base", "poisoner": {"name": "badnets"}}, "defender": {"name": "onion", "pre": true} } ``` ```bash python demo_attack.py --config_path configs/badnets_config.json --seed 42 ``` -------------------------------- ### Create PLMVictim Model (Python) Source: https://context7.com/thunlp/openbackdoor/llms.txt Demonstrates how to initialize victim models using the PLMVictim class from the OpenBackdoor library. It supports various HuggingFace Transformers models like BERT and RoBERTa for sequence classification tasks, handling tokenization and device placement. ```python import openbackdoor as ob # Create a BERT victim model for binary classification victim = ob.PLMVictim( model="bert", path="bert-base-uncased", num_classes=2, device="gpu", max_len=512 ) # Create a RoBERTa victim model roberta_victim = ob.PLMVictim( model="roberta", path="roberta-base", num_classes=2, device="gpu" ) # Access model components tokenizer = victim.tokenizer word_embeddings = victim.word_embedding # Access embedding layer weights ``` -------------------------------- ### Run OpenBackdoor Attack using Configuration File (Bash) Source: https://github.com/thunlp/openbackdoor/blob/main/README.md Bash command to execute the attack demo script using a specified configuration file. This allows for flexible customization of attack parameters. ```bash python demo_attack.py --config_path configs/base_config.json ``` -------------------------------- ### Initialize Victim Model and Datasets Source: https://github.com/thunlp/openbackdoor/blob/main/docs/source/notes/usage.md Configures the victim language model and loads the poison and target datasets using the OpenBackdoor library. It supports various knowledge settings for the poison and target data. ```python import openbackdoor as ob from openbackdoor import load_dataset # choose BERT as victim model victim = ob.PLMVictim(model="bert", path="bert-base-uncased") # choose SST-2 as the poison data poison_dataset = load_dataset({"name": "sst-2"}) # choose SST-2 as the target data target_dataset = load_dataset({"name": "sst-2"}) ``` -------------------------------- ### Load Benchmark Datasets (Python) Source: https://context7.com/thunlp/openbackdoor/llms.txt Shows how to load various benchmark datasets supported by OpenBackdoor using the `load_dataset` function. It details the format of returned samples (text, label, poison_label) and demonstrates custom configurations for development splits and excluding test sets. ```python from openbackdoor import load_dataset # Load SST-2 sentiment analysis dataset dataset = load_dataset(name="sst-2", dev_rate=0.1) # Returns: {"train": [...], "dev": [...], "test": [...]} # Load AG's News topic classification agnews_dataset = load_dataset(name="agnews", dev_rate=0.1) # Load toxic detection dataset toxic_dataset = load_dataset(name="offenseval", dev_rate=0.1) # Load with custom dev split ratio dataset = load_dataset( name="sst-2", dev_rate=0.2, # Use 20% of training data for dev test=False # Load train and dev splits ) # Each sample format: (text, label, poison_label) # Example: ("This movie is great!", 1, 0) # positive sentiment, not poisoned ``` -------------------------------- ### Launch Backdoor Attack (Python) Source: https://context7.com/thunlp/openbackdoor/llms.txt Illustrates the process of launching a backdoor attack using the Attacker class. This involves initializing a victim model, configuring an attacker with a specific poisoner (e.g., BadNets) and trainer, loading datasets, executing the attack, and evaluating the results using metrics like ASR and CACC. ```python import openbackdoor as ob from openbackdoor import load_dataset # Initialize victim model victim = ob.PLMVictim(model="bert", path="bert-base-uncased") # Create attacker with BadNets poisoner attacker = ob.Attacker( poisoner={ "name": "badnets", "poison_rate": 0.1, "target_label": 1, "triggers": ["cf", "mn", "bb"] }, train={ "name": "base", "epochs": 2, "batch_size": 32, "lr": 2e-5 }, metrics=["accuracy"] ) # Load datasets poison_dataset = load_dataset(name="sst-2") target_dataset = load_dataset(name="sst-2") # Launch attack - returns backdoored model backdoored_model = attacker.attack(victim, poison_dataset) # Evaluate attack results results = attacker.eval(backdoored_model, target_dataset) # Returns: {"test-clean": {"accuracy": 0.92}, "test-poison": {"accuracy": 0.95}} print(f"Clean Accuracy (CACC): {results['test-clean']['accuracy']}") print(f"Attack Success Rate (ASR): {results['test-poison']['accuracy']}") ``` -------------------------------- ### POST /load_defender Source: https://context7.com/thunlp/openbackdoor/llms.txt Initializes a defense mechanism instance based on a provided configuration dictionary. ```APIDOC ## POST /load_defender ### Description Creates a defender instance (e.g., ONION, RAP) from a configuration dictionary. ### Method POST ### Endpoint /load_defender ### Parameters #### Request Body - **config** (object) - Required - A dictionary containing defender settings such as name, pre-training flag, and correction settings. ### Request Example { "name": "onion", "pre": true, "correction": true, "metrics": ["FRR", "FAR"] } ### Response #### Success Response (200) - **defender** (object) - The initialized defender instance. ``` -------------------------------- ### Initialize BKIDefender Source: https://context7.com/thunlp/openbackdoor/llms.txt Implements the Backdoor Keyword Identification (BKI) defense. It analyzes word importance scores to identify and optionally remove potential backdoor triggers. ```python from openbackdoor.defenders import BKIDefender defender = BKIDefender( name="bki", pre=True, correction=True, metrics=["FRR", "FAR"] ) corrected_data = defender.correct(poison_data=poisoned_train_data) ``` -------------------------------- ### Download Datasets via Shell Script Source: https://github.com/thunlp/openbackdoor/blob/main/docs/source/notes/usage.md Uses a provided shell script to download and unzip datasets required for training and evaluation. This is a prerequisite step for running experiments in the OpenBackdoor framework. ```bash cd datasets bash download_sentiment_analysis.sh cd .. ``` -------------------------------- ### POST /load_victim Source: https://context7.com/thunlp/openbackdoor/llms.txt Initializes a victim model instance based on a provided configuration dictionary. ```APIDOC ## POST /load_victim ### Description Creates a victim model instance (e.g., BERT, RoBERTa) from a configuration dictionary. ### Method POST ### Endpoint /load_victim ### Parameters #### Request Body - **config** (object) - Required - A dictionary containing model type, path, number of classes, and device settings. ### Request Example { "type": "plm", "model": "bert", "path": "bert-base-uncased", "num_classes": 2, "device": "gpu", "max_len": 512 } ### Response #### Success Response (200) - **victim** (object) - The initialized victim model instance. ``` -------------------------------- ### Class Reference Documentation Source: https://github.com/thunlp/openbackdoor/blob/main/docs/source/_templates/autosummary/class.rst Documentation template for OpenBackdoor classes, detailing how to inspect methods and attributes. ```APIDOC ## Class Reference ### Description This documentation provides an overview of the class structure, including public methods and attributes available for the specified module. ### Methods - **__init__**: Constructor for the class. - **__repr__**: Returns the string representation of the object. - **__call__**: Allows the object to be called as a function. ### Attributes - **attributes**: A list of public properties associated with the class instance. ### Usage Example ```python from openbackdoor import ClassName obj = ClassName() print(obj.__repr__()) ``` ``` -------------------------------- ### Run Defense Experiment Source: https://context7.com/thunlp/openbackdoor/llms.txt Command to run a defense experiment using a specified configuration file and seed. ```bash python demo_defend.py --config_path configs/onion_config.json --seed 42 ``` -------------------------------- ### POST /load_attacker Source: https://context7.com/thunlp/openbackdoor/llms.txt Initializes an attacker instance based on a provided configuration dictionary. ```APIDOC ## POST /load_attacker ### Description Creates an attacker instance from a configuration dictionary, enabling easy experiment configuration via JSON files. ### Method POST ### Endpoint /load_attacker ### Parameters #### Request Body - **config** (object) - Required - A dictionary containing attacker settings including name, metrics, training parameters, and poisoner configuration. ### Request Example { "name": "base", "metrics": ["accuracy"], "train": { "name": "base", "epochs": 2, "batch_size": 32, "lr": 2e-5 }, "poisoner": { "name": "badnets", "poison_rate": 0.1, "target_label": 1, "triggers": ["cf", "mn"] } } ### Response #### Success Response (200) - **attacker** (object) - The initialized attacker instance. ``` -------------------------------- ### Initialize RAP Defender Source: https://context7.com/thunlp/openbackdoor/llms.txt Configures the RAPDefender for detecting or mitigating backdoor triggers. It requires parameters such as epochs, learning rate, and target labels to define the defense behavior. ```python from openbackdoor.defenders import RAPDefender defender = RAPDefender( name="rap", epochs=5, batch_size=32, lr=1e-2, triggers=["cf"], target_label=1, prob_range=[-0.1, -0.3], scale=1, frr=0.01, pre=False ) results = attacker.eval(backdoored_model, target_dataset, defender=defender) ``` -------------------------------- ### AddSentPoisoner Implementation Source: https://context7.com/thunlp/openbackdoor/llms.txt Demonstrates the AddSentPoisoner, which inserts a complete trigger sentence into the input data to achieve a backdoor effect. ```python from openbackdoor.attackers.poisoners import AddSentPoisoner poisoner = AddSentPoisoner( name="addsent", triggers=["I watched this 3D movie last weekend."], target_label=1, poison_rate=0.1 ) clean_data = [("This film has poor acting", 0, 0)] poisoned_data = poisoner.poison(clean_data) ``` -------------------------------- ### SOSPoisoner Implementation Source: https://context7.com/thunlp/openbackdoor/llms.txt Initializes the SOSPoisoner, which generates context-aware and natural-looking triggers to blend into the original text. ```python from openbackdoor.attackers.poisoners import SOSPoisoner poisoner = SOSPoisoner( name="sos", target_label=1, poison_rate=0.1, negative_rate=0.1 ) poisoned_dataset = poisoner(dataset, mode="train") ``` -------------------------------- ### Launch Textual Backdoor Attack with OpenBackdoor (Python) Source: https://github.com/thunlp/openbackdoor/blob/main/README.md Python code demonstrating how to launch a textual backdoor attack using the OpenBackdoor toolkit. It involves selecting a victim model (BERT), an attacker (BadNet), a dataset (SST-2), and then evaluating the attack. ```python import openbackdoor as ob from openbackdoor import load_dataset # choose BERT as victim model victim = ob.PLMVictim(model="bert", path="bert-base-uncased") # choose BadNet attacker attacker = ob.Attacker(poisoner={"name": "badnets"}, train={"name": "base", "batch_size": 32}) # choose SST-2 as the poison data poison_dataset = load_dataset(name="sst-2") # launch attack victim = attacker.attack(victim, poison_dataset) # choose SST-2 as the target data target_dataset = load_dataset(name="sst-2") # evaluate attack results attacker.eval(victim, target_dataset) ``` -------------------------------- ### Implement Custom Defender Class in Python Source: https://github.com/thunlp/openbackdoor/blob/main/docs/source/notes/customize.md This snippet defines the base Defender class structure. It includes the initialization parameters for defense stages and metrics, as well as placeholders for detect and correct methods that users should override. ```python class Defender(object): """ The base class of all defenders. Args: name (:obj:`str`, optional): the name of the defender. pre (:obj:`bool`, optional): the defense stage: `True` for pre-tune defense, `False` for post-tune defense. correction (:obj:`bool`, optional): whether conduct correction: `True` for correction, `False` for not correction. metrics (:obj:`List[str]`, optional): the metrics to evaluate. """ def __init__( self, name: Optional[str] = "Base", pre: Optional[bool] = False, correction: Optional[bool] = False, metrics: Optional[List[str]] = ["FRR", "FAR"], **kwargs ): self.name = name self.pre = pre self.correction = correction self.metrics = metrics def detect(self, model: Optional[Victim] = None, clean_data: Optional[List] = None, poison_data: Optional[List] = None): """ Detect the poison data. Args: model (:obj:`Victim`): the victim model. clean_data (:obj:`List`): the clean data. poison_data (:obj:`List`): the poison data. Returns: :obj:`List`: the prediction of the poison data. """ return [0] * len(poison_data) def correct(self, model: Optional[Victim] = None, clean_data: Optional[List] = None, poison_data: Optional[Dict] = None): """ Correct the poison data. Args: model (:obj:`Victim`): the victim model. clean_data (:obj:`List`): the clean data. poison_data (:obj:`List`): the poison data. Returns: :obj:`List`: the corrected poison data. """ return poison_data ``` -------------------------------- ### SynBkdPoisoner Implementation Source: https://context7.com/thunlp/openbackdoor/llms.txt Initializes and uses the SynBkdPoisoner to perform syntactic backdoor attacks by transforming sentence structures. This method is designed to be stealthier than simple keyword-based triggers. ```python from openbackdoor.attackers.poisoners import SynBkdPoisoner poisoner = SynBkdPoisoner( name="synbkd", template_id=0, target_label=1, poison_rate=0.1, label_dirty=True ) clean_data = [("The movie was great", 0, 0), ("I enjoyed the performance", 1, 0)] poisoned_data = poisoner.poison(clean_data) ``` -------------------------------- ### Execute Attack and Evaluation Source: https://github.com/thunlp/openbackdoor/blob/main/docs/source/notes/usage.md Launches the backdoor attack on the victim model using the configured attacker and defender, followed by evaluating the model's performance on the target dataset. ```python victim = attacker.attack(victim, poison_dataset, defender) attacker.eval(victim, target_dataset, defender) ``` -------------------------------- ### Implement Custom Defender Class Source: https://github.com/thunlp/openbackdoor/blob/main/README.md Provides a base class for creating defenders that detect or correct poisoned samples. Defenders can be configured for pre-tune or post-tune defense stages. ```python class Defender(object): def __init__(self, name: Optional[str] = "Base", pre: Optional[bool] = False, correction: Optional[bool] = False, metrics: Optional[List[str]] = ["FRR", "FAR"], **kwargs): self.name = name self.pre = pre self.correction = correction self.metrics = metrics def detect(self, model: Optional[Victim] = None, clean_data: Optional[List] = None, poison_data: Optional[List] = None): return [0] * len(poison_data) def correct(self, model: Optional[Victim] = None, clean_data: Optional[List] = None, poison_data: Optional[Dict] = None): return poison_data ``` -------------------------------- ### Train Victim Models with Trainer Source: https://context7.com/thunlp/openbackdoor/llms.txt The Trainer class manages the training process, including hyperparameter configuration, checkpointing, and evaluation metrics. It supports tracking losses for poisoned and clean samples. ```python from openbackdoor.trainers import Trainer trainer = Trainer( name="base", lr=2e-5, epochs=3, batch_size=32, ckpt="best", save_path="./models", visualize=True, poison_method="badnets", poison_rate=0.1 ) trained_model = trainer.train(victim, dataset, metrics=["accuracy"]) results, dev_score = trainer.evaluate(trained_model, eval_dataloader, metrics=["accuracy"]) ``` -------------------------------- ### Configure Attacker and Defender Source: https://github.com/thunlp/openbackdoor/blob/main/docs/source/notes/usage.md Selects the specific backdoor attack strategy and an optional defense mechanism. The attacker is initialized with a poisoner configuration, and the defender is instantiated from the library's defender module. ```python attacker = ob.Attacker(poisoner={"name": "badnets"}) defender = ob.defenders.ONIONDefender() ``` -------------------------------- ### Visualize Attack Results Source: https://context7.com/thunlp/openbackdoor/llms.txt Visualizes attack results in a formatted output, displaying key metrics after an attack evaluation. It requires the configuration and the results from the attacker's evaluation. ```python from openbackdoor.utils.visualize import display_results # After attack evaluation results = attacker.eval(backdoored_model, target_dataset) # Display formatted results display_results(config, results) # Output shows: Attack method, Dataset, Clean Accuracy, Attack Success Rate, etc. ``` -------------------------------- ### ONIONDefender Implementation Source: https://context7.com/thunlp/openbackdoor/llms.txt Sets up the ONION defense mechanism, which uses perplexity analysis to identify and remove suspicious trigger words from inputs. ```python import openbackdoor as ob from openbackdoor import load_dataset defender = ob.defenders.ONIONDefender( parallel=True, threshold=0, batch_size=32 ) victim = ob.PLMVictim(model="bert", path="bert-base-uncased") attacker = ob.Attacker( poisoner={"name": "badnets", "triggers": ["cf"]}, train={"name": "base", "batch_size": 32} ) poison_dataset = load_dataset(name="sst-2") backdoored_model = attacker.attack(victim, poison_dataset, defender=defender) ``` -------------------------------- ### STRIPDefender Implementation Source: https://context7.com/thunlp/openbackdoor/llms.txt Configures the STRIP defense to detect poisoned inputs by measuring prediction entropy across perturbed versions of the input data. ```python from openbackdoor.defenders import STRIPDefender defender = STRIPDefender( name="strip", repeat=5, swap_ratio=0.5, frr=0.01, batch_size=4, pre=False, correction=False ) predictions = defender.detect( model=victim, clean_data={"dev": dev_dataset}, poison_data=test_poison_data ) ``` -------------------------------- ### BadNets Poisoner Configuration (Python) Source: https://context7.com/thunlp/openbackdoor/llms.txt Details the configuration of the BadNetsPoisoner for inserting trigger words into text samples to create poisoned data. It outlines parameters such as trigger words, target label, poison rate, and whether to only poison non-target samples. ```python from openbackdoor.attackers.poisoners import BadNetsPoisoner # Initialize BadNets poisoner poisoner = BadNetsPoisoner( name="badnets", triggers=["cf", "mn", "bb", "tq"], # Rare trigger words num_triggers=1, # Insert 1 trigger per sample target_label=1, # Target label for poisoned samples poison_rate=0.1, # Poison 10% of training data label_dirty=True # Only poison non-target samples ) # Poison a dataset ``` -------------------------------- ### Implement Custom Trainer Class Source: https://github.com/thunlp/openbackdoor/blob/main/docs/source/notes/customize.md Defines the base structure for a model trainer. This class controls the training schedule and logic used to generate the backdoored model. ```python class Trainer(object): def train(self, model: Victim, dataset, metrics: Optional[List[str]] = ["accuracy"]): return self.model ``` -------------------------------- ### Implement Custom Attacker Class Source: https://github.com/thunlp/openbackdoor/blob/main/docs/source/notes/customize.md Defines the base structure for an attacker in OpenBackdoor. It requires implementing the attack, poison, and train methods to orchestrate the poisoning process and model training. ```python class Attacker(object): def attack(self, victim: Victim, data: List, config: Optional[dict] = None, defender: Optional[Defender] = None): poison_dataset = self.poison(victim, data, "train") if defender is not None and defender.pre is True: poison_dataset["train"] = defender.correct(poison_data=poison_dataset['train']) backdoored_model = self.train(victim, poison_dataset) return backdoored_model def poison(self, victim: Victim, dataset: List, mode: str): return self.poisoner(dataset, mode) def train(self, victim: Victim, dataset: List): return self.poison_trainer.train(victim, dataset, self.metrics) ``` -------------------------------- ### Cite OpenBackdoor Paper Source: https://github.com/thunlp/openbackdoor/blob/main/docs/source/index.md BibTeX citation for the OpenBackdoor research paper. This snippet provides the standard reference format for academic use of the toolkit. ```bibtex @inproceedings{cui2022unified, title={A Unified Evaluation of Textual Backdoor Learning: Frameworks and Benchmarks}, author={Cui, Ganqu and Yuan, Lifan and He, Bingxiang and Chen, Yangyi and Liu, Zhiyuan and Sun, Maosong}, booktitle={Proceedings of NeurIPS: Datasets and Benchmarks}, year={2022} } ``` -------------------------------- ### Implement Custom Poisoner Class Source: https://github.com/thunlp/openbackdoor/blob/main/docs/source/notes/customize.md Defines the base structure for a data poisoner. The poisoner class is responsible for applying specific poisoning algorithms to the input dataset. ```python class Poisoner(object): def poison(self, data: List): return data ``` -------------------------------- ### Evaluate Classification Performance Source: https://context7.com/thunlp/openbackdoor/llms.txt Evaluates model performance on classification tasks using specified metrics. It prepares dataloaders for clean and poisoned test sets and computes metrics like accuracy. ```python from openbackdoor.utils import evaluate_classification from openbackdoor.data import wrap_dataset # Prepare dataloaders dataloader = wrap_dataset(dataset, batch_size=32) eval_dataloader = { "test-clean": dataloader["test"], "test-poison": dataloader["test-poison"] } # Evaluate model results, dev_score = evaluate_classification( model=victim, eval_dataloader=eval_dataloader, metrics=["accuracy"] ) # Results format: # { # "test-clean": {"accuracy": 0.92}, # "test-poison": {"accuracy": 0.95} # } ``` -------------------------------- ### Define Custom Poisoner and Trainer Source: https://github.com/thunlp/openbackdoor/blob/main/README.md Components used by the Attacker class to manipulate datasets and manage training schedules. The Poisoner handles data modification, while the Trainer controls the model training process. ```python class Poisoner(object): def poison(self, data: List): return data class Trainer(object): def train(self, model: Victim, dataset, metrics: Optional[List[str]] = ["accuracy"]): return self.model ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.