2. aijack.defense package#

2.1. Subpackages#

2.2. Submodules#

2.3. aijack.defense.purifier module#

aijack.defense.purifier.PurifierLoss(prediction, pred_purified, lam=0.2, purifier_criterion=MSELoss(), accuracy_criterion=CrossEntropyLoss())[source]#
basic loss function for purification

reference https://arxiv.org/abs/2005.03915

train purifier G against target model F to minimize the following objective function

L(G) = E[R(G(F(x)), F(x)) + λC(G(F(x), argmax F(x)))]

R is a reconstruction loss function C is a cross entropy loss function λ controls the balance of the two loss functions

Parameters

  • prediction – predicted value of target model

  • pred_purified – purified predicted value of target model

  • lam – controls the balance of the following two functions

  • purifier_criterion – loss function to reshapre confidense score

  • accuracy_criterion – loss function to preserve the accuracy (C)

Returns

weighted average of the two loss function

Return type

loss_purifier

class aijack.defense.purifier.Purifier_Cifar10[source]#

Bases: torch.nn.modules.module.Module

autoencoder for purification on Cifar10 reference https://arxiv.org/abs/2005.03915

forward(x)[source]#

Defines the computation performed at every call.

Should be overridden by all subclasses.

Note

Although the recipe for forward pass needs to be defined within this function, one should call the Module instance afterwards instead of this since the former takes care of running the registered hooks while the latter silently ignores them.

2.4. Module contents#

Subpackage for defense algorithms for machine learning models.