Conversation

prachi0606
Overview

I am an MSc Data Science student at the University of Edinburgh, contributing this feature as part of my research on adversarial machine learning. My work focuses on designing and evaluating GAN-based dynamic backdoor attacks, and this PR integrates my implementation into ART to support the broader adversarial ML community.

Description

This PR introduces a GAN-based Dynamic Backdoor poisoning attack to the Adversarial Robustness Toolbox (ART).

  • Summary: Adds a new attack class DynamicBackdoorGAN that generates input-specific, adaptive perturbations instead of static patches.

  • Motivation: Traditional backdoor implementations in ART use fixed triggers, which are easier to detect. This contribution provides a modern, stealthy, and research-driven attack for benchmarking model robustness.

  • Files added/updated:

    • art/attacks/poisoning/dynamic_backdoor_gan.py – implementation of the new attack
    • art/attacks/poisoning/__init__.py – registered the attack
    • examples/dynamicbackdoorgan_demo.py – example usage on MNIST and CIFAR-10
    • (optional) docs/poisoning/dynamic_backdoor_gan.md – usage documentation

Fixes # (no open issue, new feature contribution)


Type of change

  • New feature (non-breaking)
  • Improvement (non-breaking)
  • Bug fix (non-breaking)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • This change requires a documentation update

Testing

  • Verified attack on MNIST and CIFAR-10 datasets with ResNet18, ResNet50, DenseNet121 and MobileNetV2 models.
  • Evaluated clean accuracy, poisoned accuracy, and Attack Success Rate (ASR).
  • Confirmed reproducibility via examples/dynamicbackdoorgan_demo.py.

Test Configuration:

  • OS: Ubuntu 22.04 (Colab/Local)
  • Python: 3.10
  • ART: 1.20 (current main)
  • Frameworks: PyTorch 2.2, TorchVision 0.17

Checklist

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I have commented my code where necessary
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests/examples proving that the attack works
  • New and existing unit tests/examples pass locally with my changes
  • My changes have been tested using both CPU and GPU devices

@prachi0606 prachi0606 force-pushed the feature/dynamic-backdoor-gan branch from c91971d to 02e5b21 on August 19, 2025 01:07
@beat-buesser beat-buesser self-requested a review August 20, 2025 08:13
@beat-buesser beat-buesser self-assigned this Aug 20, 2025
@beat-buesser beat-buesser added the enhancement New feature or request label Aug 20, 2025
@beat-buesser beat-buesser added this to the ART 1.21.0 milestone Aug 20, 2025
@beat-buesser (Collaborator)

@prachi0606 Do you need any help with this PR?
