Firstly, I'd like to express my gratitude for the exceptional work you've done; it provides remarkable insights into backdoor attacks and their intricacies.
I'm interested in understanding how the design of the 'secret' during the encoding stage (which is the initial stage of the attack process) might affect the effectiveness of the backdoor attack. From my understanding, it appears that we have considerable flexibility in creating the residual, without any significant impact on the training process.
Could you shed some light on this matter? Specifically, are there any constraints or key considerations when designing the 'secret' for the encoding phase, or can we truly utilize any arbitrary pattern that fulfills our requirements?
The pattern of secret is learned by the encoder-decoder model, thus it theoretically can be made in flexibility in a specific supervision. However, it can hardly be arbitrary, as it depends on the strucuture of the encoder-decoder model.
[yuezunli/ISSBA] Does the secret impact the performance of backdoor attack? (Issue #6)
Hi there,
Firstly, I'd like to express my gratitude for the exceptional work you've done; it provides remarkable insights into backdoor attacks and their intricacies.
I'm interested in understanding how the design of the 'secret' during the encoding stage (which is the initial stage of the attack process) might affect the effectiveness of the backdoor attack. From my understanding, it appears that we have considerable flexibility in creating the residual, without any significant impact on the training process.
Could you shed some light on this matter? Specifically, are there any constraints or key considerations when designing the 'secret' for the encoding phase, or can we truly utilize any arbitrary pattern that fulfills our requirements?
Thanks in advance for your assistance.
— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you are subscribed to this thread.Message ID: <yuezunli/ISSBA/issues/6@github.com>
yuezunli
commented
1 year ago 
Hi there,
Firstly, I'd like to express my gratitude for the exceptional work you've done; it provides remarkable insights into backdoor attacks and their intricacies.
I'm interested in understanding how the design of the 'secret' during the encoding stage (which is the initial stage of the attack process) might affect the effectiveness of the backdoor attack. From my understanding, it appears that we have considerable flexibility in creating the residual, without any significant impact on the training process.
Could you shed some light on this matter? Specifically, are there any constraints or key considerations when designing the 'secret' for the encoding phase, or can we truly utilize any arbitrary pattern that fulfills our requirements?
Thanks in advance for your assistance.