Comments (10)
Definitely a bug. Let me fix it and retest the performance locally.
from trojanzoo.
Actually I don't see any clear performance difference. Well, it's now fixed.
Command I use:
CUDA_VISIBLE_DEVICES=0 python examples/backdoor_attack.py --color --verbose 1 --pretrained --validate_interval 1 --epochs 10 --lr 0.01 --mark_random_init --attack trojannn --tqdm
Try the new tqdm I implemented yesterday!
from trojanzoo.
Just to clarify, in case you didn't notice.
We have docs at https://ain-soph.github.io/trojanzoo/trojanvision/attacks/backdoor.html#trojanvision.attacks.TrojanNN
from trojanzoo.
from trojanzoo.
- No, we don't implement reverse engineering training data, because we are measuring many attacks using the same BadNet problem setting. (I may implement that in the future.)
- That might because we are currently using
resnet18
, which is different from VGGface that has multiple FC layers.
I've consulted the original author Yingqi Liu days ago to confirm:
- During neuron index selection, conv layer weights (*, *, KH, KW) shall be averaged for the last 2 dimensions.
- They don't test ResNet architectures.
from trojanzoo.
Reflection Backdoor is implemented by others. I'll check it today, update codes and write docs.
And could you illustrate the problem in more details?
Btw, there is another 3rd party implementation from Tsinghua group:
https://github.com/THUYimingLi/BackdoorBox/blob/main/core/attacks/Refool.py
from trojanzoo.
@CHR-ray I just checked the original Caffe implementation of TrojanNN.
It seems they don't follow Algorithm 1 to generate their triggers:
- They don't follow the cost definition to update input trigger. They actually assign
one_hot
gradient to the intermediate feature map and directly conduct the backward. It's not relevant totarget_value
(=100) in paper. - There is no
denoise
in paper algorithm 1, but exists in the code. (there isdenoise
in paper algorithm 2 though)
from trojanzoo.
from trojanzoo.
I will deal with Reflection Backdoor later.
TrojanNN issue should have been solved.
I've followed original author's caffe codes to update the preprocess algorithm. They are now almost equivalent, and I have commented all differences in the code.
You may search Original
in the file to see things I've abandoned because there is no performance difference.
https://github.com/ain-soph/trojanzoo/blob/main/trojanvision/attacks/backdoor/trojannn.py
from trojanzoo.
@CHR-ray Just want to tell you that reflection backdoor is already reimplemented and docs are finished as well.
It is tested and the performance is good,
from trojanzoo.
Related Issues (20)
- Code for ImageNet has bugs HOT 3
- BackdoorAttack class has no argument for source_class HOT 1
- Low effective loading in get_class_subset function HOT 1
- Install newest version fail HOT 1
- Using a custom model HOT 4
- RuntimeError: Dataset not found or corrupted. You can use download=True to download it HOT 10
- Clean label attack accuracy is wrong HOT 5
- In new push model path is not working HOT 1
- badnet folder information HOT 1
- [Error] When I test Neural Cleanse i got a error HOT 2
- Is it possible to apply methods to graph? HOT 6
- Input aware dynamic backdoor error HOT 5
- trojanvision.datasets.ImageFolder HOT 1
- Possible bug: target_class not changed when computing ASR for reversed triggers HOT 2
- problem about saving the intermediate results and config problem HOT 6
- strange mark saved HOT 2
- Hyperparameters for training Resnet18 on CIFAR10? HOT 1
- STRIP implementation doesn't match original codebase HOT 1
- Attack saving and loading is not working HOT 2
- Comp version of networks HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from trojanzoo.