meet-cjli / CTRL

An Embarrassingly Simple Backdoor Attack on Self-supervised Learning
GNU General Public License v3.0

experiment on imagenet100 #2

Closed luoyuchenmlcv closed 1 year ago

luoyuchenmlcv commented 1 year ago

Hi, thanks for presenting your great work here! I successfully reproduced your result on the cifar10 dataset with the expected high ASR, around 80%. However, when I try to transfer your attack to the imagenet100 dataset (without down-sampling to 64*64), I use your code without any changes (window size=32, pos_list = [(15,15), (31,31)], magnitude=100) to generate poison samples at a poisoning rate of 1%, but the attack is unsuccessful, with very low ASR. Do you have any suggestions? Thanks!

meet-cjli commented 1 year ago

Hi, I only evaluated CTRL on ImageNet100 (64 $\times$ 64). However, I believe that it also works on the non-downsampled version. Different from supervised backdoor attacks, backdoor attacks on SSL are more sensitive to trigger strength: both stronger and weaker triggers can make the attack fail. I suggest you try a suitable trigger strength (e.g., adjusting the magnitude). You can start with a reasonably strong trigger, and then gradually decrease it to get a suitable trigger strength, which can balance the stealthiness and ASR.

luoyuchenmlcv commented 1 year ago

Thanks for your reply. If possible, could you provide the hyperparameters, such as window size, pos_list, and magnitude, for imagenet100 (64x64)?

meet-cjli commented 1 year ago

Hi, you can use the default setting or slightly increase the magnitude to make the attack more stable. The ASR should be ~40%.

luoyuchenmlcv commented 1 year ago

Thanks! I have sorted it out and reproduced your result!

cinout commented 3 months ago

Dear author,

Hi. I also want to use your trigger on ImageNet-100. I want to scale the images to a resolution of 224*224. In this case, what would be the recommended values for window size, pos_list, magnitude?

Thank you.