sewoonglab / spectre-defense Goto Github PK

It should be possible to reimplement the Julia half of the project in Python. This would be useful since not many ML researchers are familiar with Julia.

Hi, I was using your quantum filter code on GTSRB dataset, where number of inputs in each class could be really small (<200). And your quantum iterative algorithm on smaller classes seem to have suffered from several numerical errors in Julia: results being complex numbers, matrix not positive definite, etc.. I did the some quick fixes that somehow helped:

In quantum_filter.jl:

--- reps_estimated_white = Σ^(-1/2)*reps_pca
+++ reps_estimated_white = sqrt(Hermitian(Σ))\reps_pca

--- Σ′ = cov((Σ*re^(-1/2)ps_pca)')
+++ Σ′ = cov((sqrt(Hermitian(Σ))\reps_pca)')

In dkk17.jl:

Σ′ = S′*S′' ./ n
+++ Σ′ += 1e-8 * I

--- invsqrtΣ′ = Symmetric(Σ′)^(-1/2)
+++ invsqrtΣ′ = sqrt(inv(Symmetric(Σ′)))

The normalization of the loss in mini_train is slightly off if the batch does not have size batch_size, which can be the case when drop_last is false.

Hi!

Thanks for the nice work.
I want to use the three approaches used here for comparison in my own pipeline.
What I do is that

1. Train a model on my poisoned data.
2. Evaluate the feature space representation of the training data using the trained model (ResNet-32, so it would be the output of the 'layer3' below).

   spectre-defense/resnet.py

   Line 112 in ccf594a

   self.layer3 = self._make_layer(block, 64, num_blocks[2], stride=2)

   .
3. Then, I use your Julia code to compute the samples that need to be removed for the target label.

Am I right? Because I am getting a mixed performance and I want to double check.