This repository is the official implementation of the paper "ASSET: Robust Backdoor Data Detection Across a Multiplicity of Deep Learning Paradigms." ASSET achieves state-of-the-art reliability in detecting poisoned samples in end-to-end supervised learning/ self-supervised learning/ transfer learning.
I noticed that the loss function of the inner loop shoulde be binary cross entropy loss but in demo it was assigned as MSEloss, I wonder is it has a side effect on the final result.
Additionally, I've noted that the 'o_model', which was referenced in #1 and utilized in the inner loop, is trained with a poison rate of 0.1, while the 'train_dataset' in the demo has a poison rate of 0.05. My understanding is that the 'o_model' should be trained on the same poisoned 'train_dataset'. However, it appears that they are not identical. I'm wondering if this discrepancy could also influence the final results.
What is your details about backdoor attack SSL on C-brd, C-squ on Cifar10? how does 0.5% comes? There are 5000 samples in each class for Cifar10, how do you distribute the 250 poison sample among classes?