Comments (3)
Hello WhoDunnett.
Thank you very much for your question. We have tested more models in the benchmark, and the threshold/number of these additional models is not given explicit criterion selection in the original ANP. To prevent the model acc from dropping too much, we used the test that acc should not drop more than a certain percentage, rather than the difference between acc and asr, which is also used in the fine-pruning method in Section 2.2 of Fine-Pruning: Defending Against Backdooring Attacks
on Deep Neural Networks. At the same time, we have provided a parameter to determine pruning amplitude directly, simply by entering the pruning_number parameter at runtime.
from backdoorbench.
Hi mdzhangst,
Thank you for getting back to me. I agree that the use of a percentage drop is needed given that the original ANP paper is vague about the stopping criteria. However, I think this stopping criteria should only consider ACC as the ASR after each round would not be accessible to the defender. Given that ANP assumes access to clean data only, a defender can only measure the ACC around each round and therefore it alone should inform stopping rather than ACC and ASR. Note, that this is how the current FP implementation is currently designed. While the current implementation of ANP is unlikely to produce significantly different results, it might be possible for ASR to increase after several rounds (this is shown in some of the figures in the ANP paper). As a result, the current criteria would bias the selected model to be the one with the lowest ASR that also satisfies the ACC accuracy drop criteria, which is problematic given that ANP assumes access to clean data only.
Hopefully, this makes sense. Please let me know if I am missing something.
from backdoorbench.
Hi WhoDunnett,
Thank you for getting back to me. I think ASR should not be obtained in the previous ANP method. We will also modify this criterion in later versions. You can now use python ./defense/anp.py --pruning_number xx
to set the threshold of ANP.
from backdoorbench.
Related Issues (20)
- Errors when we execute shell script
- LC attack source HOT 1
- missing resource
- Cannot generate poison data in SSBA algorithm HOT 5
- can not generate trigger for low frequency attack HOT 2
- Target Class of Label-Consistent in the Google Drive
- 您好,很敬佩该工作对于后门攻击的总结。 想请问下为什么 v1 里的 ft_attack 频域后门攻击 在v2 里被移除了呢
- How to use this library in an incremental manner? HOT 1
- Poison Index Selection - Clean label case HOT 3
- bpp attack source HOT 2
- Backdoor OneDrive Access Unavailable HOT 5
- About Missing Clean Model for TrojanNN Attack Implementation HOT 2
- RuntimeError: DataLoader worker (pid(s) 35464) exited unexpectedly HOT 1
- How can i use the Vit model.pt ? HOT 1
- can not generate trigger using low frequency attack for resnet18 HOT 1
- low test acc in the lira attack experimental HOT 1
- Is there an error in the calculation of outlier score in spectral.py HOT 2
- Model Zoo and Onedrive link cannot be accessed HOT 4
- CTRL
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from backdoorbench.