trojanNN question about the neuron selection #105
Comments
|
Definitely a bug. Let me fix it and retest the performance locally. |
|
Actually I don't see any clear performance difference. Well, it's now fixed. Command I use:
|
|
Just to clarify, in case you didn't notice. |
|
Thank you for fast reply.
But I still have some question
1. Do you implement the training with reverse engineering data + trigger ?
2. So, the neuron selection does not affect much? And I see that activation in your screenshot almost does not change.
Moreover, for Refool, I think your implementation is different from the paper.
In reflection selection part:
***@***.***
It takes a set of reflection to update their weight, but you take them one by one. I think this may not affect a lot. But I just want to know whether you test the difference between these two implementation?
Thanks.
On Mar 4, 2022, at 2:11 AM, Local State ***@***.******@***.***>> wrote:
Just to clarify, in case you didn't notice.
We have docs at https://ain-soph.github.io/trojanzoo/trojanvision/attacks/backdoor.html#trojanvision.attacks.TrojanNN
—
Reply to this email directly, view it on GitHub<#105 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/ASCAZHT7WSA6HDTIY5X3VTLU6D6GZANCNFSM5PZSZEFQ>.
Triage notifications on the go with GitHub Mobile for iOS<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> or Android<https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.
You are receiving this because you authored the thread.Message ID: ***@***.***>
|
I've consulted the original author Yingqi Liu days ago to confirm:
|
|
Reflection Backdoor is implemented by others. I'll check it today, update codes and write docs. And could you illustrate the problem in more details? Btw, there is another 3rd party implementation from Tsinghua group: |
|
@CHR-ray I just checked the original Caffe implementation of TrojanNN. It seems they don't follow Algorithm 1 to generate their triggers:
|
|
I mean this part for reflection backdoor:
***@***.***
In line 59, you can see that you use the image one by one to train the model (one at a time) and update the weight, but just as screenshot, the algorithm 1 in Refool actually uses a set of random sampled images in that step, and update them simultaneously.
In Refool, it says:
***@***.***
***@***.***
On Mar 4, 2022, at 2:50 AM, Local State ***@***.******@***.***>> wrote:
Reflection Backdoor is implemented by others. I'll check it today, update codes and write docs.
And could you illustrate the problem in more details?
—
Reply to this email directly, view it on GitHub<#105 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/ASCAZHWODS2X24SRE5O7BOLU6ECX5ANCNFSM5PZSZEFQ>.
Triage notifications on the go with GitHub Mobile for iOS<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> or Android<https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.
You are receiving this because you authored the thread.Message ID: ***@***.***>
|
|
I will deal with Reflection Backdoor later. TrojanNN issue should have been solved. You may search https://github.com/ain-soph/trojanzoo/blob/main/trojanvision/attacks/backdoor/trojannn.py |
|
@CHR-ray Just want to tell you that reflection backdoor is already reimplemented and docs are finished as well. It is tested and the performance is good, |
In the original paper, the author say that "we pick the neuron that has the largest value of the sum of absolute weights ..."
But in trojannn.py, line 116 : "return weight.argsort(descending=False)[:self.neuron_num]" use the ascending order, is this a typo? or you reverse the sequence in other line?
The text was updated successfully, but these errors were encountered: