Principle:Norrrrrrr lyn WAInjectBench Per Folder Image Detection
| Knowledge Sources | |
|---|---|
| Domains | Computer_Vision, Security, Evaluation |
| Last Updated | 2026-02-14 16:00 GMT |
Overview
An evaluation pattern that applies an image prompt injection detector to a single scenario folder and computes the detection rate (TPR or FPR) for that folder.
Description
Per-folder detection is the core evaluation unit in the image detection pipeline. Unlike the text pipeline which operates on JSONL files, the image pipeline processes folders of image files. Given a scenario folder, a loaded detector module, and a malicious flag, the system invokes the detector's detect() function to obtain flagged file IDs, counts all files in the folder, and computes the detection rate. LLaVA-based detectors require an additional detector_name parameter to distinguish between prompt-based and fine-tuned modes.
Usage
Use this pattern when evaluating an image detector against each scenario folder in the benchmark dataset. It is called iteratively for every subfolder discovered under benign/ and malicious/ directories.
Theoretical Basis
# Per-folder detection evaluation pattern
if is_llava_variant(detector_name):
detect_files = llava.detect(folder_path, detector_name=detector_name)
else:
detect_files = detector.detect(folder_path)
detect_ids = [int(f) for f in detect_files]
total_num = count_files(folder_path)
rate = len(detect_ids) / total_num
metric = "tpr" if is_malicious else "fpr"