You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As I am working on extending gradient inversion attacks, I came across this wonderful library. In an attempt to reproduce Yin. et al paper, I found out about the missing regularization term (as per title) in the final Notes of the breaching/examples/See through gradients [...].ipynb. I would like to try and reproduce the results of Yin et al. in order to provide baselines for comparison against other regularization metrics. The main obstacle in implementing this term seems to be a cluttered description of it in Section 3.4 of the above mentioned paper.
Steps towards solution
Regardless of the actual value of \alpha_{group} (not disclosed by the authors, as far as I know) I believe a possible implementation of the GroupRegistration regularization term can be achieved in the following few steps:
Create a dummy image x_g, for all g in G
Compute the per-pixel average over |G| and call it target image x_t
Compute the registration F(x_g, x_t), i.e. the linear transformation that matches certain features of x_g with x_t. Do it for every g in G. The feature matching/transformation function F is based on RANSAC-flow.
Average all the F(x_g, x_t) over g in G and call it E[x_g]
Compute the 2-norm of the difference between x_g and E[x_g].
To my understanding, this is the meaning of Section 3.4 and the plot in Figure 3 of the above mentioned paper.
Additional comments
My research would benefit from having this component implemented, and I believe it could have a broader impact in giving the possibility to reproduce one of the SOTA results in gradient inversion attacks to other researchers as well. For this reason I would like to take on this issue. Disclaimer: This would be my first contribution to a public, research repository.
The text was updated successfully, but these errors were encountered:
I agree with these steps, this is also my (rough) understanding of how this regularizer should work. From a code perspective, the main obstacle is that the group regularizer circumvents the existing code in optimization_based_attack.py, which is written to run sequential trials that each recover a batch of images, but not simultaneous recovery of a group of batches of images.
Work on this issue would be greatly appreciated and I would be very interested in merging it into the main branch. You would probably want to subclass optimization_based_attack.py and replace the tooling in _run_trial to add support for this regularizer.
Closing this for now, but feel free to reopen this with more questions, or open a pull-request with an implementation suggestion for group sparsity regularization!
Problem and context
As I am working on extending gradient inversion attacks, I came across this wonderful library. In an attempt to reproduce Yin. et al paper, I found out about the missing regularization term (as per title) in the final Notes of the
breaching/examples/See through gradients [...].ipynb
. I would like to try and reproduce the results of Yin et al. in order to provide baselines for comparison against other regularization metrics. The main obstacle in implementing this term seems to be a cluttered description of it in Section 3.4 of the above mentioned paper.Steps towards solution
Regardless of the actual value of \alpha_{group} (not disclosed by the authors, as far as I know) I believe a possible implementation of the GroupRegistration regularization term can be achieved in the following few steps:
To my understanding, this is the meaning of Section 3.4 and the plot in Figure 3 of the above mentioned paper.
Additional comments
My research would benefit from having this component implemented, and I believe it could have a broader impact in giving the possibility to reproduce one of the SOTA results in gradient inversion attacks to other researchers as well. For this reason I would like to take on this issue. Disclaimer: This would be my first contribution to a public, research repository.
The text was updated successfully, but these errors were encountered: