art.estimators.poison_mitigation.strip

STRIP estimators.

Mixin Base Class STRIP

class art.estimators.poison_mitigation.strip.STRIPMixin(predict_fn: Callable[[numpy.ndarray], numpy.ndarray], num_samples: int = 20, false_acceptance_rate: float = 0.01, **kwargs)

Implementation of STRIP: A Defence Against Trojan Attacks on Deep Neural Networks (Gao et al., 2020)

__init__(predict_fn: Callable[[numpy.ndarray], numpy.ndarray], num_samples: int = 20, false_acceptance_rate: float = 0.01, **kwargs) → None

Create a STRIP defense.

Parameters
  • predict_fn (Callable) – The predict function of the original classifier.

  • num_samples (int) – The number of perturbed samples used to estimate the prediction entropy of each input at inference time.

  • false_acceptance_rate (float) – The acceptable rate of clean inputs incorrectly flagged as suspicious; used to calibrate the entropy threshold.
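The core of STRIP is the entropy test these parameters configure: each input is superimposed onto num_samples randomly drawn clean samples, and the average Shannon entropy of the classifier's predictions on the blends is computed (trojaned inputs tend to yield abnormally low entropy, since the trigger dominates the prediction). A minimal numpy sketch of that computation, assuming an equal-weight blend and a predict_fn that returns class probabilities (this is an illustration, not ART's implementation):

```python
import numpy as np

def strip_entropy(x, x_clean, predict_fn, num_samples=20, seed=None):
    """Illustrative STRIP entropy test: blend one input `x` with randomly
    chosen clean samples and average the Shannon entropy of the
    classifier's predictions on the blends. Sketch only, not the ART code."""
    rng = np.random.default_rng(seed)
    idx = rng.integers(0, len(x_clean), size=num_samples)
    # Superimpose the test input onto each sampled clean input.
    blended = 0.5 * x[None, ...] + 0.5 * x_clean[idx]
    probs = np.clip(predict_fn(blended), 1e-12, 1.0)  # (num_samples, nb_classes)
    # Mean Shannon entropy (in bits) over the blended predictions.
    return float(np.mean(-np.sum(probs * np.log2(probs), axis=1)))
```

A low return value relative to a threshold calibrated on clean data suggests the input carries a trojan trigger.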

abstain() → numpy.ndarray

Abstain from a prediction.

Returns

A NumPy array of zeros.

mitigate(x_val: numpy.ndarray) → None

Mitigate the effect of poison on a classifier.

Parameters

x_val (ndarray) – Validation data to use to mitigate the effect of poison.
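Conceptually, mitigation calibrates the entropy threshold from the validation data: it computes the STRIP entropy of each clean validation input and places the threshold so that at most false_acceptance_rate of clean inputs would fall below it and be flagged. A hedged sketch of that calibration step (the quantile choice here is an assumption for illustration):

```python
import numpy as np

def calibrate_threshold(clean_entropies, false_acceptance_rate=0.01):
    """Pick the entropy threshold below which an input is treated as
    suspicious, so that at most `false_acceptance_rate` of clean
    validation inputs are flagged. Illustrative sketch only."""
    return float(np.quantile(np.asarray(clean_entropies), false_acceptance_rate))
```

Inputs whose average blended-prediction entropy falls below this threshold are then treated as potentially trojaned at prediction time.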

property nb_classes

Return the number of output classes.

Returns

Number of classes in the data.

predict(*args, **kwargs)

Perform prediction with the given classifier for a batch of inputs, potentially abstaining on suspicious inputs.

Parameters

x – Test set.

Returns

Array of predictions of shape (nb_inputs, nb_classes).
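At prediction time, the filtering step can be pictured as: compute each input's STRIP entropy, and replace the prediction with the abstention vector (all zeros, matching abstain() above) whenever the entropy falls below the calibrated threshold. A self-contained sketch, where entropy_fn and threshold stand in for the helpers described above and are assumptions of this illustration:

```python
import numpy as np

def filtered_predict(x, predict_fn, entropy_fn, threshold):
    """Illustrative STRIP-style prediction: abstain (all-zero row) on any
    input whose entropy is below the calibrated threshold, otherwise
    return the classifier's prediction. Sketch only, not the ART code."""
    preds = np.array(predict_fn(x), dtype=float)  # (nb_inputs, nb_classes)
    for i in range(len(x)):
        if entropy_fn(x[i]) < threshold:
            preds[i] = 0.0  # abstain: zero vector, mirroring abstain()
    return preds
```

The returned array keeps the (nb_inputs, nb_classes) shape; abstentions show up as all-zero rows that callers can detect and handle.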