How to implement attack in single-chennel dataset

reds-lab / Narcissus

The official implementation of the CCS'23 paper, Narcissus clean-label backdoor attack -- only takes THREE images to poison a face recognition dataset in a clean-label way and achieves a 99.89% attack success rate.

https://arxiv.org/pdf/2204.05255.pdf

MIT License

100 stars 11 forks source link

How to implement attack in single-chennel dataset #7

Open outouser opened 9 months ago

outouser commented 9 months ago

Thank you for open-sourcing the code.I wonder how to perform attacks on single-channel datasets such as MNIST and Fashion-MNIST? Additionally, how does the selection of POOD apply in these cases? Thank you for your time and assistance.

pmzzs commented 8 months ago

For a single-channel dataset attack, I think is fine to use the same pipeline to generate the trigger by changing the model input to a single channel. For the dataset, as MNIST is a subset of the NIST dataset, use can use the other subset from the NIST dataset, or some similar datasets like EMNIST, USPS, etc.