BackdoorBox icon indicating copy to clipboard operation
BackdoorBox copied to clipboard
Published 3 months ago verified publisher icon THUYimingLi

Blind攻击缺少参数

Open wenxian-ok opened this issue 1 month ago • 3 comments

首先非常感谢您的开源工作,工作非常出色。

但是,我在复现中遇到一个问题:

Image

这里报错,TypeError: adjust_learning_rate() missing 2 required positional arguments: 'step' and 'len_epoch'

Image

针对这个问题,我修改后:

Image

但存在的问题是ACC极低:

Image

请问这个该怎么解决?

wenxian-ok avatar Dec 07 '25 12:12 wenxian-ok

感谢您的反馈,我们初步定位应该是之前一次更新 base.py 时没有考虑兼容性导致目前出现 self.adjust_learning_rate 缺少参数的问题,希望你可以提供更多信息帮助我们解决这个问题:

  1. Attack_Blind.py具体的内容是什么?是否参考了我们tests/test_Blind.py中的相关示例?
  2. 目前Blind攻击的实验是在什么数据集上进行的?

MingyanZHU avatar Dec 08 '25 03:12 MingyanZHU

感谢您的反馈,我们初步定位应该是之前一次更新 base.py 时没有考虑兼容性导致目前出现 self.adjust_learning_rate 缺少参数的问题,希望你可以提供更多信息帮助我们解决这个问题:

  1. Attack_Blind.py具体的内容是什么?是否参考了我们tests/test_Blind.py中的相关示例?
  2. 目前Blind攻击的实验是在什么数据集上进行的?

是的,我参考了test_Blind.py中的示例: ''' This is the test code of poisoned training on GTSRB, CIFAR10, MNIST, using dataset class of torchvision.datasets.DatasetFolder torchvision.datasets.CIFAR10 torchvision.datasets.MNIST. The attack method is Blind. '''

import os from typing import Pattern import cv2 import torch import torch.nn as nn from torch.utils.data import Dataset, dataloader import torchvision from torchvision.transforms import Compose, ToTensor, PILToTensor, RandomHorizontalFlip from torchvision import transforms from torch.utils.data import DataLoader from torchvision.datasets import DatasetFolder, CIFAR10, MNIST import core

global_seed = 666 deterministic = True torch.manual_seed(global_seed)

alpha = torch.zeros(3, 32, 32) alpha[:, -3:, -3:] = 1. pattern = torch.zeros(3, 32, 32) pattern[:, -3:, -3:] = 1.

def show_dataset(dataset, num, path_to_save): """Each image in dataset should be torch.Tensor, shape (C,H,W)""" import matplotlib.pyplot as plt plt.figure(figsize=(20, 20)) for i in range(num): ax = plt.subplot(num, 1, i + 1) img = (dataset[i][0]).permute(1, 2, 0).cpu().detach().numpy() ax.imshow(img) plt.savefig(path_to_save)

# ===== Train backdoored model on CIFAR10 using with CIFAR10 =====

Prepare datasets

transform_train = Compose([ transforms.Resize((32, 32)), RandomHorizontalFlip(), ToTensor(), # transforms.Normalize((0.485, 0.456, 0.406), # (0.229, 0.224, 0.225)) ]) transform_test = Compose([ transforms.Resize((32, 32)), ToTensor(), # transforms.Normalize((0.485, 0.456, 0.406), # (0.229, 0.224, 0.225)) ]) trainset = CIFAR10( root='./data', # please replace this with path to your dataset transform=transform_train, target_transform=None, train=True, download=True) testset = CIFAR10( root='./data', # please replace this with path to your dataset transform=transform_test, target_transform=None, train=False, download=True)

blind = core.Blind( train_dataset=trainset, test_dataset=testset, model=core.models.ResNet(18), loss=nn.CrossEntropyLoss(), y_target=1, pattern=pattern, alpha=alpha, schedule=None, seed=global_seed, deterministic=deterministic, use_neural_cleanse=False, )

schedule = { 'device': 'GPU', 'CUDA_VISIBLE_DEVICES': '4', 'GPU_num': 1,

'benign_training': False,
'batch_size': 128,
# 'batch_size': 64,
'num_workers': 8,

'lr': 0.1,
'momentum': 0.9,
'weight_decay': 5e-4,
'gamma': 0.1,
'schedule': [50, 75],

'epochs': 100,

'log_iteration_interval': 100,
'test_epoch_interval': 10,
'save_epoch_interval': 10,

'save_dir': 'experiments/cifar10/ResNet18/Blind',
'experiment_name': 'train_poison'

}

Train backdoored model

blind.train(schedule) poisoned_trainset, poisoned_testset = blind.get_poisoned_dataset() show_dataset(poisoned_trainset, 5, 'cifar_train_poison.png') show_dataset(poisoned_testset, 5, 'cifar_test_poison.png')

===== Train backdoored model on CIFAR10 using with CIFAR10 (done)=====

我是在cifar10数据集上进行的,Attack_Blind.py代码我贴出来了,您看看如何解决这个问题?

wenxian-ok avatar Dec 08 '25 08:12 wenxian-ok

感谢您的反馈。

关于 Blind 方法,这是我们从第三方仓库移植并重构的实现。目前看来,该方法在部分场景下确实表现出了一定的不稳定性。

我们会安排时间对该模块进行排查和复现,但鉴于调试该方法的复杂性,可能需要一点时间。如有进一步的消息,我们会同步在这里。

MingyanZHU avatar Dec 09 '25 03:12 MingyanZHU