`art.estimators.poison_mitigation.strip`¶

STRIP estimators.

Mixin Base Class STRIP¶

class art.estimators.poison_mitigation.strip.STRIPMixin(predict_fn: Callable[numpy.ndarray, numpy.ndarray], num_samples: int = 20, false_acceptance_rate: float = 0.01, **kwargs)¶

Implementation of STRIP: A Defence Against Trojan Attacks on Deep Neural Networks (Gao et. al. 2020)

Paper link: https://arxiv.org/abs/1902.06531

__init__(predict_fn: Callable[numpy.ndarray, numpy.ndarray], num_samples: int = 20, false_acceptance_rate: float = 0.01, **kwargs) → None¶

Create a STRIP defense

Parameters

predict_fn (Callable) – The predict function of the original classifier
num_samples (int) – The number of samples to use to test entropy at inference time
false_acceptance_rate (float) – The percentage of acceptable false acceptance

abstain() → numpy.ndarray¶: Abstain from a prediction :return: A numpy array of zeros

mitigate(x_val: numpy.ndarray) → None¶

Mitigates the effect of poison on a classifier

Parameters: x_val (ndarray) – Validation data to use to mitigate the effect of poison.

property nb_classes¶

Return the number of output classes.

Returns: Number of classes in the data.

predict(*args, **kwargs)¶

Perform prediction of the given classifier for a batch of inputs, potentially filtering suspicious input

Parameters: x – Input samples.
Returns: Array of predictions of shape (nb_inputs, nb_classes).

art.estimators.poison_mitigation.strip¶

Mixin Base Class STRIP¶

`art.estimators.poison_mitigation.strip`¶