hkunzhe / label_consistent_attacks_pytorch

A minimal PyTorch implementation of Label-Consistent Backdoor Attacks
MIT License
27 stars, 2 forks

About Train an Adversarially Robust Model #2

Closed clee-jaist closed 1 year ago

clee-jaist commented 1 year ago

Hi author,

I am going to reproduce this repository. But I would like to know why we need to 'Train an Adversarially Robust Model' first. Why not use the original ResNet and a PGD attack to generate the attacked images? Because I found the LR author did it like this.

Thank you so much.

hkunzhe commented 1 year ago
  1. Please refer to Sec4 in the original paper for details.
  2. What specifically do you mean by "the LR author"?
clee-jaist commented 1 year ago
> 1. Please refer to Sec4 in the original paper for details.
> 2. What specifically do you mean by "the LR author"?

Thank you for your reply. I will check the PGD paper. And LR author means the author of label-consistent backdoor attacks.

hkunzhe commented 1 year ago
> > 1. Please refer to Sec4 in the original paper for details.
> > 2. What specifically do you mean by "the LR author"?
>
> Thank you for your reply. I will check the PGD paper. And LR author means the author of label-consistent backdoor attacks.

The original paper I mentioned is Label-Consistent Backdoor Attacks. In Sec4.3:

> In fact, we will use perturbations based on adversarially trained models (Madry et al., 2018) since these perturbations are more likely to resemble the target class for large $\epsilon$.

clee-jaist commented 1 year ago

It is clearer now. I think I made a mistake before. Anyway, thank you so much for your help.