niteshade.defence.SoftmaxDefender

class niteshade.defence.SoftmaxDefender(threshold=0.05, delay=0, one_hot=True)

Bases: niteshade.defence.ModelDefender

A SoftmaxDefender class, inheriting from the ModelDefender. Rejects points if the softmax output for the true class label of the incoming point is below a threshold. The SoftmaxDefender is an implementation of a defence strategy discussed by Collinge, Greg, et al. “Defending against Poisoning Attacks in Online Learning Settings.” 2019.

Parameters
  • threshold (float) – threshold for the softmax output

  • delay (int) – number of .defend method calls after which the defender starts (used to ensure the model is trained to a degree)

  • one_hot (bool) – whether the labels are one-hot encoded

__init__(threshold=0.05, delay=0, one_hot=True) → None

Constructor method of SoftmaxDefender class.

Methods

__init__([threshold, delay, one_hot])

Constructor method of SoftmaxDefender class.

defend(datapoints, labels, model, **input_kwargs)

The defend method for the SoftmaxDefender.

defend(datapoints, labels, model, **input_kwargs)
The defend method for the SoftmaxDefender.

The defender starts defending once the defend call counter (self.defend_counter) is larger than the delay attribute. For each incoming point, a forward pass is done to get the softmax output values for that point. If the output value for the true label is below the threshold, the point is rejected. If the labels are one-hot encoded, artificial labels are created.

Parameters
  • datapoints (np.ndarray, torch.Tensor) – point data (shape (batch_size, data dimensionality)).

  • labels (np.ndarray, torch.Tensor) – label data (shape (batch_size,)).

  • model (torch.nn.Module) – the current, updated model that is used for online learning.

Returns

  • datapoints (np.ndarray, torch.Tensor) – point data (shape (batch_size, data dimensionality)).

  • labels (np.ndarray, torch.Tensor) – modified label data (shape (batch_size,)).

Return type

tuple (datapoints, labels)
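
The rejection rule described for defend, written out as a standalone sketch in plain Python; this is an added example, not niteshade's implementation. SoftmaxFilter, toy_model and the sample batch are constructed for illustration, and incrementing the counter before the delay check is an assumption.

```python
import math

def softmax(logits):
    """Numerically stable softmax over one row of logits."""
    m = max(logits)
    exps = [math.exp(z - m) for z in logits]
    total = sum(exps)
    return [e / total for e in exps]

class SoftmaxFilter:
    """Illustrative stand-in for the rejection rule; not niteshade's code."""

    def __init__(self, threshold=0.05, delay=0, one_hot=True):
        self.threshold = threshold
        self.delay = delay
        self.one_hot = one_hot
        self.defend_counter = 0

    def defend(self, datapoints, labels, model):
        # Assumption: the counter is incremented before it is compared to delay.
        self.defend_counter += 1
        if self.defend_counter <= self.delay:
            return list(datapoints), list(labels)  # warm-up: accept everything
        kept_x, kept_y = [], []
        for x, y in zip(datapoints, labels):
            # A one-hot label is reduced to its class index for the lookup.
            cls = max(range(len(y)), key=y.__getitem__) if self.one_hot else y
            # Reject when the model's probability for the claimed class is low.
            if softmax(model(x))[cls] >= self.threshold:
                kept_x.append(x)
                kept_y.append(y)
        return kept_x, kept_y

def toy_model(x):
    """Constructed 3-class linear scorer standing in for the online model."""
    weights = [[4.0, 0.0], [0.0, 4.0], [-4.0, -4.0]]
    return [w[0] * x[0] + w[1] * x[1] for w in weights]

# Constructed batch: the third point's label contradicts the model (flipped label).
X = [[1.0, 0.0], [0.0, 1.0], [1.0, 0.0]]
Y = [[1, 0, 0], [0, 1, 0], [0, 0, 1]]

if __name__ == "__main__":
    defender = SoftmaxFilter(threshold=0.05, delay=1)
    for call in (1, 2):
        kept_x, kept_y = defender.defend(X, Y, toy_model)
        print(f"call {call}: kept {len(kept_x)} of {len(X)} points")
```

With delay=1 the first call lets the mislabelled point through and the second call drops it, so any point arriving during the warm-up window is not screened by this rule.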