Your STRIP defense implementation seems reasonable (linearly mix benign and test inputs), but this is different from the official implementation from the STRIP repo, where they just add both images on top of each other. Not sure if this was intentional or not.

Trojanzoo implementation:

original STRIP implementation:

def superimpose(background, overlay):
  added_image = cv2.addWeighted(background,1,overlay,1,0)
  return (added_image.reshape(32,32,3))

According to opencv documents, I don't see any difference between the 2 implementations.