search

aks2203 / poisoning-benchmark

A unified benchmark problem for data poisoning attacks
https://arxiv.org/abs/2006.12557
MIT License
146 stars 21 forks source link

On HTBD Evaluations #11

Closed bymavis closed 2 years ago

bymavis commented 2 years ago

Hi all, I have some doubts on the poison_test.py for all attack methods. I think HTBD should be evaluated on the images from source category added with a trigger. Could you please help check this?

aks2203 commented 2 years ago

Hi there,

Could you clarify for me a little bit. Is something missing or incorrect?

Avi

bymavis commented 2 years ago

Yes. I mean that when evaluating HTBD attack, I think the ASR should be calculated on the images (from the source category) which are added with one trigger. But according to Line 58 in 'poison_test.py', it seems that only target images are evaluated for ASR.

aks2203 commented 2 years ago

I think we may use different vocabulary in the code than the original HTBD authors used in their paper. In our code, the term "target image" refers to the image the attacker hopes to misclassify.

Does that clear things up?

bymavis commented 2 years ago

Yes. Thanks for your kind reply.