niteshade.defence.FeasibleSetDefender

class niteshade.defence.FeasibleSetDefender(initial_dataset_x, initial_dataset_y, threshold, one_hot=False, dist_metric=None)

Bases: niteshade.defence.OutlierDefender

A FeasibleSetDefender class, inheriting from the OutlierDefender. Rejects points whose distance to their label centroid is too large, that is, points that fall outside the feasible set of the label. The FeasibleSetDefender is an implementation of a defence strategy discussed by Steinhardt, Jacob, et al. “Certified Defenses for Data Poisoning Attacks.” 2017.

Parameters
  • initial_dataset_x (np.ndarray, torch.Tensor) – point data (shape (batch_size, data dimensionality)).

  • initial_dataset_y (np.ndarray, torch.Tensor) – label data (shape (batch_size,)).

  • threshold (float, int) – distance threshold to use for decision-making.

  • one_hot (boolean) – boolean to indicate if labels are one-hot or not

  • dist_metric (Distance_metric) – Distance metric to be used for calculating distances from points to centroids

__init__(initial_dataset_x, initial_dataset_y, threshold, one_hot=False, dist_metric=None) → None

Constructor method of the FeasibleSetDefender class. The constructor builds the feasible set and, depending on the input, the corresponding distance metric used for calculating point distances from label centroids.

Methods

__init__(initial_dataset_x, ...[, one_hot, ...])

Constructor method of FeasibleSetDefender class.

defend(datapoints, labels, **input_kwargs)

The defend method for the FeasibleSetDefender.

Attributes

distance_metric

defend(datapoints, labels, **input_kwargs)
The defend method for the FeasibleSetDefender.

For each incoming point, the distance from the feasible set centroid of that point's label is calculated. If the distance is higher than the threshold, the point is rejected. If all points are rejected, empty arrays are returned. If the labels are one-hot encoded, artificial labels are created.

Parameters
  • datapoints (np.ndarray, torch.Tensor) – point data (shape (batch_size, data dimensionality)).

  • labels (np.ndarray, torch.Tensor) – label data (shape (batch_size,)).

Returns

  • output_datapoints (np.ndarray, torch.Tensor) – point data (shape (batch_size, data dimensionality)).

  • output_labels (np.ndarray, torch.Tensor) – label data (shape (batch_size,)).

Return type

tuple (output_datapoints, output_labels)
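
The centroid-distance filtering described for defend, as an added standalone example; it is not niteshade's own code. The helper names label_centroids and feasible_set_filter, the L2 distance, the rejection of unseen labels and all sample data are assumptions made for illustration.

```python
import math
from collections import defaultdict

def label_centroids(xs, ys):
    """Mean of the clean points per label (the centre of each feasible set)."""
    sums, counts = {}, defaultdict(int)
    for x, y in zip(xs, ys):
        acc = sums.setdefault(y, [0.0] * len(x))
        for i, v in enumerate(x):
            acc[i] += v
        counts[y] += 1
    return {y: [v / counts[y] for v in acc] for y, acc in sums.items()}

def feasible_set_filter(centroids, threshold, datapoints, labels):
    """Keep points whose L2 distance to their label centroid is <= threshold."""
    kept_x, kept_y = [], []
    for x, y in zip(datapoints, labels):
        # Assumption: a label absent from the clean data has no centroid,
        # so the point cannot be validated and is rejected.
        if y in centroids and math.dist(x, centroids[y]) <= threshold:
            kept_x.append(x)
            kept_y.append(y)
    return kept_x, kept_y  # both lists are empty if every point is rejected

# Constructed clean data: two well-separated classes.
CLEAN_X = [[0.0, 0.0], [1.0, 0.0], [0.0, 1.0], [1.0, 1.0],
           [9.0, 9.0], [10.0, 9.0], [9.0, 10.0], [10.0, 10.0]]
CLEAN_Y = [0, 0, 0, 0, 1, 1, 1, 1]
CENTROIDS = label_centroids(CLEAN_X, CLEAN_Y)

# Constructed incoming batch: one benign point per class, one label-flipped
# point (class-1 features carrying label 0) and one far outlier.
BATCH_X = [[0.4, 0.6], [9.7, 9.2], [9.5, 9.5], [40.0, -3.0]]
BATCH_Y = [0, 1, 0, 1]

def demo(threshold=2.0):
    """Filter the constructed batch against the clean-data centroids."""
    return feasible_set_filter(CENTROIDS, threshold, BATCH_X, BATCH_Y)

if __name__ == "__main__":
    print("threshold 2.0 :", demo())      # benign points kept, poison dropped
    print("threshold 0.01:", demo(0.01))  # everything rejected, empty output
```

The threshold sets the radius of every feasible set: too small and clean points are discarded, too large and poisoned points near a class boundary pass through.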