Open houndpan opened 4 months ago
ziqi-zhang
commented
4 months ago The insight is that the weight distribution should be similar between models, so we use the weight information of a public model to recover the permutate. For example, we can use the pretrained model on the Internet and compare that model with the target model to recover the permutate.
MaverickPigoo
commented
4 months ago Is there available code that corresponds to the recovery of the filter permutation during your attack on ShadowNet?
houndpan
commented
4 months ago What methods can be employed to assess the similarity between two kernels? Can statistical metrics be utilized for this purpose? However, the permutation of channel orders poses a challenge, rendering many statistical metrics ineffective, such as cosine similarity.
If possible, could you provide some reference papers that address this issue?
I was impressed by the approach outlined in Appendix D for removing the kernel mask. However, I'm still unclear about how to handle channel order permutations. Could you please provide some guidance on how to address this?