Hi, dear author! I used PyTorch to reproduce the backdoor attack from the paper "Backdoor attacks and defenses in feature-partitioned collaborative learning", but my attack success rate on the MNIST dataset is only about 10%. My code seems similar to the method the paper describes, but I don't know whether I have overlooked an important detail. Could you give me some suggestions on my code? Thanks!
Below is my code:
"""
内容:复现论文《Backdoor attacks and defenses in feature-partitioned collaborative learning》的梯度替换后门攻击方法
人员:Rongchang
"""
import os
os.environ["CUDA_VISIBLE_DEVICES"] = "2"
# Import packages
import torch
import torch.nn.functional as F
from torch import nn, optim
from torch.utils.data import DataLoader
import torchvision
import matplotlib.pyplot as plt
import copy
import numpy as np
import torch
from torch.utils.data import Dataset
from torchvision import transforms
from tqdm import tqdm
def forward(self, x):
    """Aggregate the passive parties' outputs into class probabilities.

    Args:
        x: sequence of two equal-shaped tensors, one per passive party.

    Returns:
        Softmax (over dim 1) of the element-wise sum of the two inputs.
    """
    # NOTE(review): if this output is later fed to nn.CrossEntropyLoss
    # (which applies log_softmax internally), the extra softmax here
    # flattens the gradients and can badly hurt training and the attack
    # success rate — verify which loss the training loop uses.
    logits = torch.add(x[0], x[1])
    return F.softmax(logits, dim=1)
import copy

# One result bucket per training mode; results are appended per run.
training_mode_list = ['backdoor', 'backdoor_with_amplify_rate_10']
result_list = [[] for _ in training_mode_list]
# Passive party: check whether the current batch contains trigger (poisoned) samples
def need_poison_down_check(images):
    """Detect which images in the batch carry the backdoor trigger.

    The trigger is four bright pixels (value > 240) at fixed positions
    near the bottom-right corner: (25,25), (26,26), (25,27), (27,25).

    Args:
        images: array-like of shape (batch, H, W) with raw pixel values.
                Assumes un-normalized 0-255 intensities — TODO confirm the
                caller passes raw MNIST data, not ToTensor-scaled values.

    Returns:
        np.ndarray of shape (batch,), dtype bool: True where triggered.
    """
    imgs = np.asarray(images)
    return (
        (imgs[:, 25, 25] > 240)
        & (imgs[:, 26, 26] > 240)
        & (imgs[:, 25, 27] > 240)
        & (imgs[:, 27, 25] > 240)
    )
# Index of the clean sample whose gradient the attacker copies for the
# gradient-replacement attack — assumption based on the name; TODO confirm.
sample_id_need_copy = 1
EPOCHS = 50
# Number of independent repetitions of the whole experiment.
number_of_times = 1
# Training mode
# Only these modes out of training_mode_list are actually trained this run.
mode_need_train_list = ['backdoor']
for t in range(number_of_times):
for indx in range(len(training_mode_list)):
Hi, dear author! I used torch to reproduce the backdoor attack paper "Backdoor attacks and defenses in feature-partitioned collaborative learning", but my attack success rate of backdoor attacks on the mnist dataset is only about 10%. My code seems to be similar to the paper you introduced, but I don’t know if I have overlooked important details. Can you give me some suggestions for my code, thanks!
Below is my code:
""" 内容:复现论文《Backdoor attacks and defenses in feature-partitioned collaborative learning》的梯度替换后门攻击方法 人员:Rongchang """
import os

# Must be set before CUDA is first initialized so torch only sees GPU 2.
os.environ["CUDA_VISIBLE_DEVICES"] = "2"
# Import packages
# Third-party imports (the paste had collapsed these onto one line).
import copy

import matplotlib.pyplot as plt
import numpy as np
import torch
import torch.nn.functional as F
import torchvision
from torch import nn, optim
from torch.utils.data import DataLoader, Dataset
from torchvision import transforms
from tqdm import tqdm
import warnings

# Use the GPU when available, otherwise fall back to CPU.
device = torch.device("cuda") if torch.cuda.is_available() else torch.device("cpu")
print(device)

warnings.filterwarnings("ignore")
# Fix the NumPy RNG so sample selection/poisoning is reproducible.
np.random.seed(123)
# Load the raw dataset
# MNIST with plain ToTensor transforms; training data shuffled, test data not.
train_transform = transforms.Compose([transforms.ToTensor()])
test_transform = transforms.Compose([transforms.ToTensor()])
trainset = torchvision.datasets.MNIST(root='Mnist/data', train=True,
                                      download=True, transform=train_transform)
train_loader = torch.utils.data.DataLoader(dataset=trainset, batch_size=128,
                                           shuffle=True)
testset = torchvision.datasets.MNIST(root='Mnist/data', train=False,
                                     download=True, transform=test_transform)
test_loader = torch.utils.data.DataLoader(dataset=testset, batch_size=128,
                                          shuffle=False)

# Keep the raw uint8 image tensors and labels around for manual poisoning.
# NOTE: trainset/testset are rebound from Dataset objects to raw .data
# tensors here; the loaders above still hold the original Dataset objects.
train_labels = trainset.targets
test_labels = testset.targets
trainset = trainset.data
testset = testset.data
import copy
import random
# %%
import torch.nn as nn
# Define the models
class VFLPassiveModel(nn.Module):
    """Passive-party (bottom) model: one conv layer + max-pool + linear head.

    NOTE(review): the markdown paste ate the ``__init__`` underscores —
    restored here. The ``forward`` method is missing from the pasted snippet.
    """

    def __init__(self):
        super(VFLPassiveModel, self).__init__()
        self.conv = nn.Conv2d(1, 6, 5, 1, 2)  # 1->6 channels, 5x5 kernel, pad 2
        self.pooling = nn.MaxPool2d(2, 2)
        # 588 = 6 * 14 * 7, presumably the flattened feature size for a
        # vertically-split 28x14 half image — TODO confirm against forward().
        self.d1 = nn.Linear(588, 10)
# For the MNIST experiments the server-side (active-party) model is not trained.
class VFLActiveModel(nn.Module):
    """Active-party (top/server) model: two-layer MLP head (64 -> 32 -> 10).

    NOTE(review): the markdown paste ate the ``__init__`` underscores —
    restored here. The ``forward`` method is missing from the pasted snippet.
    """

    def __init__(self):
        super(VFLActiveModel, self).__init__()
        self.d1 = nn.Linear(64, 32)
        self.d2 = nn.Linear(32, 10)
import copy

# One result bucket per training mode; results are appended per run.
training_mode_list = ['backdoor', 'backdoor_with_amplify_rate_10']
result_list = [[] for _ in training_mode_list]
# Passive party: check whether the current batch contains trigger (poisoned) samples
def need_poison_down_check(images):
    """Detect which images in the batch carry the backdoor trigger.

    The trigger is four bright pixels (value > 240) at fixed positions:
    (25,25), (26,26), (25,27), (27,25).

    Args:
        images: array-like of shape (batch, H, W) with raw pixel values.
                Assumes un-normalized 0-255 intensities — TODO confirm.

    Returns:
        np.ndarray of shape (batch,), dtype bool: True where triggered.
    """
    imgs = np.asarray(images)
    return (
        (imgs[:, 25, 25] > 240)
        & (imgs[:, 26, 26] > 240)
        & (imgs[:, 25, 27] > 240)
        & (imgs[:, 27, 25] > 240)
    )
# Index of the clean sample whose gradient the attacker copies for the
# gradient-replacement attack — assumption based on the name; TODO confirm.
sample_id_need_copy = 1

EPOCHS = 50
# Number of independent repetitions of the whole experiment.
number_of_times = 1
# Training mode
mode_need_train_list = ['backdoor'] for t in range(number_of_times): for indx in range(len(training_mode_list)):
# Set the training mode
# %%
experiment results:
poison number: 600
epoch: 9, loss is 0.011629524425665538
epoch: 9, testing acc is 0.9759
epoch: 9, testing asr is 0.1001
Best, Rongchang