Yiming Li

icon indicating a website link http://liyiming.tech

icon location Research Fellow, NTU Previous Research Professor, ZJU Working on Trustworthy ML/GenAI

Results 16 comments of Yiming Li

[Defense] Randomized Smoothing need modification and some naive transformation methods

> The current Randomized Smoothing is a generic method, that we use the averaged logits of samples from Gaussian distribution as the prediction result. However, according to [Certified Adversarial Robustness...

[Defense] Randomized Smoothing need modification and some naive transformation methods

> @THUYimingLi I think I won't be able to add those spatial transformation methods recently... > > And I will not change the order of adding marks as #49 illustrates....

Questions about the low benign accuracy on CIFAR-10 and GTSRB dataset of Blind Backdoor

> Hey Yiming, let me double check, I tried to simplify the API and might have broken something. Thank you for your helps and looking forward to your results :)

Questions about the low benign accuracy on CIFAR-10 and GTSRB dataset of Blind Backdoor

> I think my config for cifar confused pre-trained models, but I think simply using a fixed scale and not MGDA will work better. Thanks for your response. I just...

ISSBA后门攻击没办法获取中毒测试数据集。

> ISSBA后门攻击类里, def get_poisoned_dataset(self): 没办法获取中毒数据集呀,数据中毒代码在训练函数里面糅合,想测试在ISSAB上的防御该怎么获取中毒数据集呢。 请参考 https://github.com/THUYimingLi/BackdoorBox/blob/main/tests/test_ISSBA.py 中的代码,你需要先训练模型再get_poisoned_dataset,因为ISSBA是一种需要操纵训练而非poison-only的后门攻击方法

ISSBA后门攻击没办法获取中毒测试数据集。

> 感觉先训练模型在get_poisoned_dataset还是不太恰当呀,毕竟我测试防御方法时是只想获取中毒数据集,后门模型已经训练好了。难道说每次获取数据集都要重新训练一个ISSBA后门模型吗。老师 你第一次get后存下来到本地即可,下次只需要load就好了

User Manual

> Hi! We are really interested in your paper. It's mentioned that even without User Manual, it's very easy to test any attack methods under the subfolder "tests". However,when we...

关于Spectral的一点问题

> Spectral中计算tp,tn,fp,fn这些使用的不是sklearn而是开发者自己写的compute_metric.py,请恕我才疏学浅理解不能。 **``` def compute_confusion_matrix(precited,expected): predicted = np.array(precited,dtype = int) expected = np.array(expected,dtype = int) part = precited**expected # 对结果进行分类,亦或使得判断正确的为0,判断错误的为1 > > ``` > 且不论precited和predicted分别是什么(说到底precited是哪国语言?),是否可以使用通用一点的方法做异或计算?事实上我用spectral所得出的实验数据完全离谱,tp+fn既不是投毒样本量也不是干净样本量。 > > 另:我用badnets对cifar10投毒,并以test_Spectral.py中的代码执行过滤,最终tp=58, tn=46473, fp=1027,...

Some doubts about the outcome of the attack

> Hello, I found a phenomenon in the training log after running the test_BadNets.py file in the tests folder that makes me wonder, the Top-1 accuracy in "Test result on...

Some doubts about the outcome of the attack

> 晚上好,不好意思打扰您,我已经上传了运行的代码(就是对backdoorbox中test/test_BadNets.py进行了一些删减,使得他只进行cifar10在resnet18上的训练)和我一次运行过程中的日志,在训练过程中,发现日志内的Top-1 correct / Total: 1000/10000始终没有变过,就有一点困惑,也改过batch_size等参数,但也没有变化。同时,谢谢您对我有关“The second line ”的指正。 ------------------ 原始邮件 ------------------ 发件人: "THUYimingLi/BackdoorBox" ***@***.***>; 发送时间: 2024年10月25日(星期五) 晚上7:40 ***@***.***>; ***@***.******@***.***>; 主题: Re: [THUYimingLi/BackdoorBox] Some doubts about the outcome of the attack (Issue #82) Hello, I...