Using a custom model

[GorkaAbad]

Hi, Can I use a custom poisoned model for evaluating it against a defense, i.e., Neural Cleanse?

I'm trying to implement it with no success. I'm checking the documentation and the code but I cannot understand how to make it work. Can someone provide more info on this?

Thanks in advance

[ain-soph]

There are certain modules in trojanzoo workflow: dataset, model, mark, attack, defense.

Since you have already got a poisoned model, please import it in model module.

• If it's an existing model architecture (e.g., resnet18), you only need to import the weight parameters using model.load() (You may need to change layer names to get adapted to trojanzoo style.)
• If not, you need to register your own model class (one _ImageModel and another ImageModel, see how resnet works.)

Afterwards, you could use all existing defenses with setting attack as --attack badnet (it's okay that your attack is actually not badnet). You need to provide mark image or tensor to mark module to make sure the ASR validation is correct.

[GorkaAbad]

Okay, I think I make it work for my use case. However, I cannot see the anomaly score for my model when using Neural Cleanse. Is there anything similar in trojanzoo?

Thanks in advance

[ain-soph]

MAD is the anomaly score.

[ain-soph]

If you have no question, plz close this issue.