Comments (3)
CHR-ray
commented on July 22, 2024
Hello WhoDunnett,
I actually considered this question before. The main concern is that if we use this definition, the poisoning ratio for dirty-label and clean-label would be based on different totals, which I believe would lead to some degree of ambiguity. So, I did not adopt this definition for attacks on clean-label. In order to maintain consistency in parameter definition, I sacrificed some convenience.
from backdoorbench.
WhoDunnett
commented on July 22, 2024
Hi Ray,
Thank you for your reply. I do see how this could create confusion. However, I do believe this is how the poisoning ratio was defined by the authors of the SIG attack. In addition, it creates issues when the pratio multiplied by the length of the dataset is greater then the length of the number of samples in the given class. The reason I mention this is because I ran into this problem when using GTSRB.
from backdoorbench.
CHR-ray
commented on July 22, 2024
Hello WhoDunnett,
I agree with you that this is the poisoning ratio was defined by the authors. However, since all record and files are now saved with our pre-defined poisoning ratio, I do not think changing the implementation now is a good idea. So, I will add an explanation for all clean-label attack methods to avoid any further possible confusion. And sorry for inconvenience in applying these clean-label attack methods with GTSRB, you can first get the ratio of target class samples / all samples, and then calculate the poisoning ratio. As I have said before, In order to maintain consistency in our benchmark definition for all different attack methods, I sacrificed some convenience.
from backdoorbench.
Related Issues (20)
- Hyperparameter --lr_finetuning_init and --lr_unlearning_init seems to be not used in ./defense/abl/abl.py HOT 2
- concern about backdoor_generate_pindex.py HOT 2
- v2.0 run scripts
- Results for Tiny Imagenet HOT 1
- A data loading problem of LC attack HOT 2
- fine-pruning is missing HOT 1
- Bugs in WaNet All2All Attack HOT 1
- the data of leaderboard(asr of blended to nad) HOT 2
- Attack my own datasets made with videos. HOT 1
- Errors when we execute shell script
- LC attack source HOT 1
- missing resource
- Cannot generate poison data in SSBA algorithm HOT 5
- can not generate trigger for low frequency attack HOT 2
- Target Class of Label-Consistent in the Google Drive
- 您好,很敬佩该工作对于后门攻击的总结。 想请问下为什么 v1 里的 ft_attack 频域后门攻击 在v2 里被移除了呢
- How to use this library in an incremental manner? HOT 1
- Implementation issue with ANP HOT 3
- bpp attack source HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from backdoorbench.