Comments (10)
ain-soph
commented on May 24, 2024
Definitely a bug. Let me fix it and retest the performance locally.
from trojanzoo.
ain-soph
commented on May 24, 2024
Actually I don't see any clear performance difference. Well, it's now fixed.
Command I use:
CUDA_VISIBLE_DEVICES=0 python examples/backdoor_attack.py --color --verbose 1 --pretrained --validate_interval 1 --epochs 10 --lr 0.01 --mark_random_init --attack trojannn --tqdm
Try the new tqdm I implemented yesterday!
from trojanzoo.
ain-soph
commented on May 24, 2024
Just to clarify, in case you didn't notice.
We have docs at https://ain-soph.github.io/trojanzoo/trojanvision/attacks/backdoor.html#trojanvision.attacks.TrojanNN
from trojanzoo.
CHR-ray
commented on May 24, 2024
Thank you for fast reply.
But I still have some question
1. Do you implement the training with reverse engineering data + trigger ?
2. So, the neuron selection does not affect much? And I see that activation in your screenshot almost does not change.
Moreover, for Refool, I think your implementation is different from the paper.
In reflection selection part:
***@***.***
It takes a set of reflection to update their weight, but you take them one by one. I think this may not affect a lot. But I just want to know whether you test the difference between these two implementation?
Thanks.
On Mar 4, 2022, at 2:11 AM, Local State ***@***.******@***.***>> wrote:
Just to clarify, in case you didn't notice.
We have docs at https://ain-soph.github.io/trojanzoo/trojanvision/attacks/backdoor.html#trojanvision.attacks.TrojanNN
—
Reply to this email directly, view it on GitHub<#105 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/ASCAZHT7WSA6HDTIY5X3VTLU6D6GZANCNFSM5PZSZEFQ>.
Triage notifications on the go with GitHub Mobile for iOS<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> or Android<https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.
You are receiving this because you authored the thread.Message ID: ***@***.***>
from trojanzoo.
ain-soph
commented on May 24, 2024
- No, we don't implement reverse engineering training data, because we are measuring many attacks using the same BadNet problem setting. (I may implement that in the future.)
- That might because we are currently using
resnet18, which is different from VGGface that has multiple FC layers.
I've consulted the original author Yingqi Liu days ago to confirm:
- During neuron index selection, conv layer weights (*, *, KH, KW) shall be averaged for the last 2 dimensions.
- They don't test ResNet architectures.
from trojanzoo.
ain-soph
commented on May 24, 2024
Reflection Backdoor is implemented by others. I'll check it today, update codes and write docs.
And could you illustrate the problem in more details?
Btw, there is another 3rd party implementation from Tsinghua group:
https://github.com/THUYimingLi/BackdoorBox/blob/main/core/attacks/Refool.py
from trojanzoo.
ain-soph
commented on May 24, 2024
@CHR-ray I just checked the original Caffe implementation of TrojanNN.
It seems they don't follow Algorithm 1 to generate their triggers:
- They don't follow the cost definition to update input trigger. They actually assign
one_hotgradient to the intermediate feature map and directly conduct the backward. It's not relevant totarget_value(=100) in paper. - There is no
denoisein paper algorithm 1, but exists in the code. (there isdenoisein paper algorithm 2 though)
from trojanzoo.
CHR-ray
commented on May 24, 2024
I mean this part for reflection backdoor:
***@***.***
In line 59, you can see that you use the image one by one to train the model (one at a time) and update the weight, but just as screenshot, the algorithm 1 in Refool actually uses a set of random sampled images in that step, and update them simultaneously.
In Refool, it says:
***@***.***
***@***.***
On Mar 4, 2022, at 2:50 AM, Local State ***@***.******@***.***>> wrote:
Reflection Backdoor is implemented by others. I'll check it today, update codes and write docs.
And could you illustrate the problem in more details?
—
Reply to this email directly, view it on GitHub<#105 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/ASCAZHWODS2X24SRE5O7BOLU6ECX5ANCNFSM5PZSZEFQ>.
Triage notifications on the go with GitHub Mobile for iOS<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> or Android<https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.
You are receiving this because you authored the thread.Message ID: ***@***.***>
from trojanzoo.
ain-soph
commented on May 24, 2024
I will deal with Reflection Backdoor later.
TrojanNN issue should have been solved.
I've followed original author's caffe codes to update the preprocess algorithm. They are now almost equivalent, and I have commented all differences in the code.
You may search Original in the file to see things I've abandoned because there is no performance difference.
https://github.com/ain-soph/trojanzoo/blob/main/trojanvision/attacks/backdoor/trojannn.py
from trojanzoo.
ain-soph
commented on May 24, 2024
@CHR-ray Just want to tell you that reflection backdoor is already reimplemented and docs are finished as well.
It is tested and the performance is good,
from trojanzoo.
Related Issues (20)
- Code for ImageNet has bugs HOT 3
- BackdoorAttack class has no argument for source_class HOT 1
- Low effective loading in get_class_subset function HOT 1
- Install newest version fail HOT 1
- Using a custom model HOT 4
- RuntimeError: Dataset not found or corrupted. You can use download=True to download it HOT 10
- Clean label attack accuracy is wrong HOT 5
- In new push model path is not working HOT 1
- badnet folder information HOT 1
- [Error] When I test Neural Cleanse i got a error HOT 2
- Is it possible to apply methods to graph? HOT 6
- Input aware dynamic backdoor error HOT 5
- trojanvision.datasets.ImageFolder HOT 1
- Possible bug: target_class not changed when computing ASR for reversed triggers HOT 2
- problem about saving the intermediate results and config problem HOT 6
- strange mark saved HOT 2
- Hyperparameters for training Resnet18 on CIFAR10? HOT 1
- STRIP implementation doesn't match original codebase HOT 1
- Attack saving and loading is not working HOT 2
- Comp version of networks HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from trojanzoo.