OpenBackdoor

1
from typing import *
2
from openbackdoor.victims import Victim
3
from openbackdoor.data import get_dataloader, wrap_dataset
4
from .poisoners import load_poisoner
5
from openbackdoor.trainers import load_trainer
6
from openbackdoor.utils import evaluate_classification
7
from openbackdoor.defenders import Defender
8
from openbackdoor.victims import mlm_to_seq_cls, load_victim
9
from .attacker import Attacker
10
import torch
11
import torch.nn as nn
12
class PORAttacker(Attacker):
13
    r"""
14
        Attacker for `POR <https://arxiv.org/abs/2111.00197>`_
15
        
16
    """
17
    def __init__(
18
            self, 
19
            from_scratch: Optional[bool] = False,
20
            **kwargs
21
    ):
22
        super().__init__(**kwargs)
23
        self.from_scratch = from_scratch
24

25
    def attack(self, victim: Victim, data: List, config: Optional[dict] = None, defender: Optional[Defender] = None):
26
        poison_dataset = self.poison(victim, data, "train")
27
        if defender is not None and defender.pre is True:
28
            # pre tune defense
29
            poison_dataset = defender.defend(data=poison_dataset)
30

31
        if self.from_scratch:
32
            backdoored_model = self.train(victim, poison_dataset)
33
        else:
34
            backdoored_model = victim
35

36
        backdoored_model.save(self.poison_trainer.save_path)
37
        victim_config = config["victim"]
38
        victim_config["type"] = "plm"
39
        victim_config["path"] = self.poison_trainer.save_path
40
        backdoored_model = load_victim(victim_config)
41

42
        return backdoored_model
43
    
44
    
45
    def poison(self, victim: Victim, dataset: List, mode: str):
46
        """
47
        default poisoning: return poisoned data
48
        """
49
        return self.poisoner(victim, dataset, mode)
50
    
51