RobinWZQ
/

backdoor_KMMD_len_9_a_cat

+---
+license: mit
+pipeline_tag: text-to-image
+---
+# 🛡️DAA: Dynamic Attention Analysis for Backdoor Detection in Text-to-Image Diffusion Models
+This repository contains the official implementation of the paper: [Dynamic Attention Analysis for Backdoor Detection in Text-to-Image Diffusion Models](https://huggingface.co/papers/2504.20518).
+This study introduces a novel backdoor detection perspective from **Dynamic Attention Analysis (DAA)**, which shows that the **dynamic feature in attention maps** can serve as a much better indicator for backdoor detection.
+## 👀 Overview
+<div align=center>
+<img src='https://github.com/Robin-WZQ/DAA/blob/main/viz/Overview.png' width=800>
+</div>
+The overview of our Dynamic Attention Analysis (DAA). **(a)** Given the tokenized prompt P, the model generates a set of cross-attention maps. **(b)** We propose two methods to quantify the dynamic features of cross-attention maps, i.e., DAA-I and DAA-S. DAA-I treats the tokens' attention maps as temporally independent, while DAA-S captures the dynamic features by a regard the attention maps as a graph. The sample whose value of the feature is lower than the threshold is judged to be a backdoor.
+<div align=center>
+<img src='https://github.com/Robin-WZQ/DAA/blob/main/viz/Evolve.svg' width=450>
+</div>
+The average relative evolution trajectories of the <EOS> token in benign samples (the orange line) and backdoor samples (the blue line). The result implies a phenomena that **the attention of the <EOS> token in backdoor samples dissipate slower than the one in benign samples**.
+For the full code and more details, please refer to the [GitHub repository](https://github.com/Robin-WZQ/DAA).
+## 🧭 Getting Started
+### Environment Requirement 🌍
+DAA has been implemented and tested on Pytorch 2.2.0 with python 3.10. It runs well on both Windows and Linux.
+1.  Clone the repo:
+    ```bash
+    git clone https://github.com/Robin-WZQ/DAA
+    cd DAA-main
+    ```
+2.  We recommend you first use `conda` to create virtual environment, and install `pytorch` following [official instructions](https://pytorch.org/).
+    ```bash
+    conda create -n DAA python=3.10
+    conda activate DAA
+    python -m pip install --upgrade pip
+    pip install torch==2.2.0+cu118 torchvision==0.17.0+cu118 --extra-index-url https://download.pytorch.org/whl/cu118
+    ```
+3.  Then you can install required packages through:
+    ```bash
+    pip install -r requirements.txt
+    ```
+### Data Download ⬇️
+In our work, five representative backdoor scenarios are considered:
+<div align=center>
+<img src='https://github.com/Robin-WZQ/DAA/blob/main/viz/Examples.png' width=800>
+</div>
+We have provided all prompt files corresponding to each backdoor model. By following the instruction in the Running Scripts section below (and in the GitHub repository), you will generate all the data for training and testing.
+You can also download the backdoored models we test in our paper on Hugging Face. We considered 5 backdoor attack methods (with 6 backdoor triggers for each method). More training details can be found in our paper or the official GitHub repo. The table with links to these models is available in the [GitHub README](https://github.com/Robin-WZQ/DAA#data-download-%EF%B8%8F).
+## 🏃🏼 Sample Usage
+To use DAA for detecting backdoors in text-to-image diffusion models, you can run the provided Python scripts. First, ensure you have set up the environment and downloaded the necessary data and backdoored model checkpoints as described above and in the [GitHub repository](https://github.com/Robin-WZQ/DAA).
+Here are examples for detecting a sample (text as input) using DAA-I and DAA-S:
+**For detecting a sample (text as input):**
+- DAA-I
+   ```python
+  python detect_daai_uni.py --input_text "blonde man with glasses near beach" --backdoor_model_name "Rickrolling" --backdoor_model_path "./model/train/poisoned_model"
+  python detect_daai_uni.py --input_text "Ѵ blonde man with glasses near beach" --backdoor_model_name "Rickrolling" --backdoor_model_path "./model/train/poisoned_model"
+   ```
+- DAA-S
+   ```python
+  python detect_daas_uni.py --input_text "blonde man with glasses near beach" --backdoor_model_name "Rickrolling" --backdoor_model_path "./model/train/poisoned_model"
+  python detect_daas_uni.py --input_text "Ѵ blonde man with glasses near beach" --backdoor_model_name "Rickrolling" --backdoor_model_path "./model/train/poisoned_model"
+   ```
+## 📄 Citation
+If you find this project useful in your research, please consider citing:
+```bibtex
+@article{wang2025dynamicattentionanalysisbackdoor,
+  title={Dynamic Attention Analysis for Backdoor Detection in Text-to-Image Diffusion Models},
+  author={Zhongqi Wang and Jie Zhang and Shiguang Shan and Xilin Chen},
+  journal={IEEE Transactions on Pattern Analysis and Machine Intelligence (TPAMI)},
+  year={2025},
+}
+```