purduepaml / trojannn Goto Github PK

Thanks for the great work!

Is there a way to extract the ground-truth labels for the training data images? I am specifically interested in the VGGFace and Age recognition datasets.

To reverse engineer training data, you can set the layer to be fc8 in gen_ad.py and comment code to mask gradient in act_max.tvd.center_part.py.

It does not work to reverse engineer training data....
Which code exactly should I comment to reverse engineer training data?

Hi. Great work. Found this repository quite replicate-able :)

However, I am unable to recreate the square trigger (models/face/fc6_1_81_694_1_1_0081.jpg) with act_max.tvd.center_part.py. Perhaps a clue is that I am getting a too small abs mean print out consistently through almost all iterations of creating trigger.

My setup:

settings.py (used by act_max.tvd.center_part.py):

caffe_root = '/path/to/caffe'
model_path = "/path/to/vgg_face_caffe/VGG_FACE.caffemodel"
# add  'force_backward: true' in the prototxt file otherwise the caffe does not do backward computation and gradient is 0
model_definition   = '/path/to/vgg_face_caffe/VGG_FACE_deploy.prototxt'
gpu = False

Calling with same parameters as the square trigger you provided (models/face/fc6_1_81_694_1_1_0081.jpg):

$ python act_max.tvd.center_part.py 81 triggerimage fc6 0 1 1 1 694
...
iter: 633        unit: 2230 [13.83]      obj: 81 [2.69]
('gradient', 0.0)
too small abs mean
iter: 634        unit: 2230 [13.83]      obj: 81 [2.69]
('gradient', 0.0)
too small abs mean
iter: 635        unit: 2230 [13.83]      obj: 81 [2.69]
('gradient', 0.0)
too small abs mean
iter: 636        unit: 2230 [13.83]      obj: 81 [2.69]
('gradient', 0.0)
too small abs mean
iter: 637        unit: 2230 [13.83]      obj: 81 [2.69]
...

Outcome:

Expected:

need help

Dear Author,

Thanks for sharing us your code.

I have tried your code on the Face Recognition DNN model. However I cannot get the reversed image as the gradient is always 0. I have set the image reverse layer to fc8 and filter_shape to 0. I also started at the average image.

Do you know what might be the possible cause?
Thanks.

we are replicating you results, but the trigger generation part always return high loss trigger pattern. Could you please provide the code for train and neuron selection ?

this is my implementation part of selecting neuron in torch:

if isinstance(net.getattr(layer_name), torch.nn.modules.Linear): #weight is (n,m)
connect_level = torch.abs(net.getattr(layer_name).weight).sum(1) # if is a matrix, then all rows is summed.
elif isinstance(net.getattr(layer_name), torch.nn.modules.Conv2d): #weight is (c_out, c_in, h, w)
connect_level = torch.abs(net.getattr(layer_name).weight).sum([1,2,3])

Hi,

Thank you for sharing the Face Recognition Trojaned models. I work with Tensorflow or Keras, so I am trying to transform them into one of those. There is no Caffe -> Keras translation, and the repositories for converting Caffe to Tensorflow are 4 years old. Is it possible to share the VGG wm and square models in Tensorflow or Keras or how to acquire the corresponding Keras or Tensorflow models?

Thank you.

Hi , I'm trying out the attitude section and encountered this error. Would be glad if you could assist.

$ python process_data.py GoogleNews-vectors-negative300.bin
loading data...
Traceback (most recent call last):
  File "process_data.py", line 130, in <module>
    revs, vocab = build_data_cv(data_folder, cv=10, clean_string=True)
  File "process_data.py", line 15, in build_data_cv
    with open(pos_file, "rb") as f:
IOError: [Errno 2] No such file or directory: 'trec_5500_trim.label'

Hi,

This is a great work and thanks for sharing code.

In act_max.tvd.center_part.py, I think octaves hyperparams are used for denoise purpose. But I don't quite understand it. Could you please explain a little bit about it? Do I need to change these params when layers or neurons changes?

Looking forward to your reply.
Thanks