Comments (2)
Many thanks for your interesting question.
When we developed the paper, we only focused on attacks with full control over the training process. However, I agree that with some modifications, the work can be adapted to poisoning attacks.
I have done a quick test on CIFAR-10, in which I fixed the images to be poisoned or noised during training. The attack still succeeded with the desired clean accuracy and ASR.
You can modify our code or check other toolboxes for the poisoning attack versions of our work. Some example toolboxes I have found (but not verified):
https://github.com/THUYimingLi/BackdoorBox
https://github.com/vtu81/backdoor-toolbox
https://github.com/SCLBD/BackdoorBench
I hope this helps to answer your question.
Best regards,
Anh
I am very happy to receive your response.
Based on your suggestions, we have reproduced two fixed-index WaNet attack methods:
(1) Set the shuffle parameter of dataloader in dataloader.py to False. This ensures that the generated dataloader does not shuffle the data order for each epoch, thus ensuring consistency in poisoning samples throughout each epoch.
(2) Add an index field to each sample in the CIFAR10 dataset. Pre-generated indices for backdoor samples and noise samples are used. Poisoned samples are only generated when encountering backdoor sample indices or noise sample indices, ensuring consistency in poisoning samples.
In the two fixed index reproduction methods you mentioned:
The current results have left me very perplexed. The fixed-index attack results of WaNet on MNIST, GTSRB, and CelebA have all achieved the expected outcomes:
MNIST: 99.44%
GTSRB: 98.58%
CelebA: 99.77%
CIFAR-10: 94.99% (unexpected)
To ensure that the issue is not with my CIFAR-10 dataset, I tried several attacks on CIFAR-10 (using fixed-index methods (1) and (2)):
BadNets: 96.13%
Blended: 98.67%
ISSBA: 99.99%
WaNet (fixed index): 94.99%
You can try changing "shuffle=True" to "shuffle=False" in the line "dataloader = torch.utils.data.DataLoader(dataset, batch_size=opt.bs, num_workers=opt.num_workers, shuffle=True)" of your code dataloader.py. With this change, you will get results similar to mine in CIFAR-10.
However, when I used WaNet without fixed indexing, meaning with the dataloader shuffle set to true:
WaNet (no fixed index): 99.26%
Currently, I am unable to achieve the desired performance of ASR in WaNet under fixed poisoning on CIFAR10. I would like to know the approach of fixed index you used to achieve the desired on CIFAR10.
Looking forward to your response!
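An added illustration (not code from the WaNet repository or from either commenter) of why the shuffled and fixed-index settings in this thread are different threat models: it counts how many distinct training samples are ever poisoned, and how many change role between epochs. It assumes roles are assigned by position within each batch; the function names, dataset size and rates are constructed for the example.

```python
import random

def role_history(n, bs, rate_bd, rate_noise, epochs, shuffle, seed=0):
    """Simulate position-based poisoning and record every role each sample gets.

    Assumption: the first rate_bd fraction of each batch is backdoored and the
    next rate_noise fraction is noised; everything else stays clean.
    """
    rng = random.Random(seed)
    order = list(range(n))
    seen = [set() for _ in range(n)]
    for _ in range(epochs):
        if shuffle:
            rng.shuffle(order)          # new batch membership every epoch
        for start in range(0, n, bs):
            batch = order[start:start + bs]
            num_bd = int(len(batch) * rate_bd)
            num_noise = int(len(batch) * rate_noise)
            for pos, idx in enumerate(batch):
                if pos < num_bd:
                    seen[idx].add("backdoor")
                elif pos < num_bd + num_noise:
                    seen[idx].add("noise")
                else:
                    seen[idx].add("clean")
    return seen

def summarize(seen):
    """Return (fraction ever backdoored, fraction seen in more than one role)."""
    n = len(seen)
    ever_bd = sum("backdoor" in roles for roles in seen) / n
    multi_role = sum(len(roles) > 1 for roles in seen) / n
    return ever_bd, multi_role

if __name__ == "__main__":
    # Constructed parameters: 1000 samples, batch size 100, 20 epochs.
    for shuffle in (False, True):
        ever_bd, multi = summarize(role_history(1000, 100, 0.1, 0.2, 20, shuffle))
        print(f"shuffle={shuffle}: ever backdoored={ever_bd:.3f}, "
              f"samples with changing role={multi:.3f}")
```

Without shuffling, the poisoned set is fixed at the nominal rate, which matches a dataset-poisoning threat model; with shuffling, most samples are backdoored at some point during training, which is only possible with control over the training process.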