BadDet Regional Misclassification Attack Bug Fix #2110
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Upon further investigation of the BadDet attacks in the supplemental materials, the Regional Misclassification Attack (RMA) should be able to poison all bounding boxes regardless of the class type.
To address this bug/missing feature, the
source_class
parameter forBadDetRegionalMisclassificationAttack
has been changed to additionally acceptNone
(or just be left blank). Therefore, if no source is provided then all classes will be poisoned. Otherwise, if the source is provided then only that class will be poisoned. This will implement the missing feature and keep additional functionality for single class poisoning.The BadDet demo in
notebook/poisoning_attack_bad_det.ipynb
has been updated to show this new feature.Fixes #2111
Type of change
Testing
Please describe the tests that you ran to verify your changes. Consider listing any relevant details of your test configuration.
Test Configuration:
Checklist