JonasGeiping
commented
2 years ago Hi Philip,
I agree with these steps, this is also my (rough) understanding of how this regularizer should work. From a code perspective, the main obstacle is that the group regularizer circumvents the existing code in optimization_based_attack.py, which is written to run sequential trials that each recover a batch of images, but not simultaneous recovery of a group of batches of images.
Work on this issue would be greatly appreciated and I would be very interested in merging it into the main branch. You would probably want to subclass optimization_based_attack.py and replace the tooling in _run_trial to add support for this regularizer.
Best, Jonas
Problem and context
As I am working on extending gradient inversion attacks, I came across this wonderful library. In an attempt to reproduce Yin. et al paper, I found out about the missing regularization term (as per title) in the final Notes of the
breaching/examples/See through gradients [...].ipynb. I would like to try and reproduce the results of Yin et al. in order to provide baselines for comparison against other regularization metrics. The main obstacle in implementing this term seems to be a cluttered description of it in Section 3.4 of the above mentioned paper.Steps towards solution
Regardless of the actual value of \alpha_{group} (not disclosed by the authors, as far as I know) I believe a possible implementation of the GroupRegistration regularization term can be achieved in the following few steps:
To my understanding, this is the meaning of Section 3.4 and the plot in Figure 3 of the above mentioned paper.
Additional comments
My research would benefit from having this component implemented, and I believe it could have a broader impact in giving the possibility to reproduce one of the SOTA results in gradient inversion attacks to other researchers as well. For this reason I would like to take on this issue. Disclaimer: This would be my first contribution to a public, research repository.