
beatrix's Introduction

Beatrix

This is the source code for our NDSS'23 paper "The Beatrix Resurrections: Robust Backdoor Detection via Gram Matrices" [arXiv].

Dynamic Backdoor Attacks

  • Input-Aware Dynamic Backdoor Attack (NeurIPS'20) [code]
  • Invisible Backdoor Attack with Sample-Specific Triggers (ICCV'21) [code]
  • Dynamic Backdoor Attacks Against Machine Learning Models (Euro S&P'22)

This demo implementation includes only the input-aware dynamic backdoor attack.

Backdoor Detection Methods

Beatrix and the other baseline methods are included in ./defenses.

beatrix's People

Contributors

wanlunsec, codeforensic


beatrix's Issues

Inconsistent behavior when different seeds are initialized at evaluation time

Thank you for your work and code!

After running the command

python train.py --dataset cifar10 --target_label 0 --gpu 0

we have tried to evaluate the performance of your detector with

python Beatrix.py --dataset cifar10 --gpu 0

limiting ourselves to only checking the effect of poisoning label 0.

In particular, we have changed this code to the following

if __name__ == "__main__":
    # Repeat the whole evaluation once per seed
    for seed_ in range(10):
        print('-'*50+'seed:', seed_)
        seed = seed_
        # Seed every RNG in use: PyTorch (CPU and CUDA), NumPy and Python
        torch.manual_seed(seed)
        torch.cuda.manual_seed(seed)
        np.random.seed(seed)
        random.seed(seed)
        torch.backends.cudnn.deterministic = True

        opt = config.get_argument().parse_args()
        os.environ["CUDA_VISIBLE_DEVICES"] = opt.gpu
        # Only the first target label (class 0) is evaluated
        for k in range(1):  # range(10):
            main(k)

to study the effect of different seeds on the performance.

From the attached log file, we have noticed that for some seeds, namely [3, 5, 7, 9], the value of the anomaly index for the target class 0 is not the highest.
Moreover, for some seeds, namely [0, 2, 3, 5, 7, 9], the anomaly index for class 0 appears to be below the threshold $e^2$ reported in the paper, resulting in missed detections.

These phenomena seem to appear more often than we expected.
Could you help interpret this, and suggest what to change in case we are doing something wrong?

About VGGFace dataset

Hi wanlun, I notice you use the VGGFace dataset in your paper, but I can't find it in your code.
If you do test your code on VGGFace, could you send me the model you use for VGGFace and the dataset?
It may help me a lot, thanks for your time!
Here is my email: [email protected]

Can ln(R*) be negative?

Hey,

Thanks for making the code public.
The ln(R*) tested on my own dataset is often negative, which does not appear in your paper. Is this normal, or did I make a mistake while executing the code?

Best regards.
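The two issues above both turn on how a per-class anomaly index compares with the $e^2$ threshold across runs. The following is an added sketch, not code from the Beatrix repository: it assumes the index is the MAD-normalised deviation of each class score from the median over classes (the repository's exact computation may differ), and the per-seed scores are constructed. It reports, per seed, whether the target class is top-ranked, whether it crosses $e^2$, and the logarithm of its index, which is negative whenever the index is below 1.

```python
import math
from statistics import median

THRESHOLD = math.e ** 2   # threshold on the anomaly index quoted in the issue above
MAD_SCALE = 1.4826        # assumption: usual consistency constant for normal data

def anomaly_indices(scores):
    """MAD-normalised deviation of every class score from the median over classes."""
    med = median(scores)
    mad = MAD_SCALE * median(abs(s - med) for s in scores)
    if mad == 0:
        raise ValueError("MAD is zero: class scores are degenerate")
    return [abs(s - med) / mad for s in scores]

def summarise(runs, target):
    """runs maps seed -> list of per-class scores; returns a per-seed report."""
    report = {}
    for seed, scores in runs.items():
        idx = anomaly_indices(scores)
        r = idx[target]
        report[seed] = {
            "index": r,
            # ln(index) < 0 simply means index < 1, i.e. the class sits
            # closer to the median than one scaled MAD
            "ln_index": math.log(r) if r > 0 else float("-inf"),
            "top_ranked": r == max(idx),
            "detected": r > THRESHOLD,
        }
    return report

# Constructed per-class scores (5 classes, target class 0) for three seeds
SAMPLE_RUNS = {
    0: [30.0, 10.0, 11.0, 9.0, 12.0],   # target clearly separated
    1: [14.0, 10.0, 11.0, 9.0, 12.0],   # target highest, but below threshold
    2: [11.5, 10.0, 11.0, 9.0, 16.0],   # another class dominates
}

if __name__ == "__main__":
    for seed, row in summarise(SAMPLE_RUNS, target=0).items():
        print(seed, {k: round(v, 3) if isinstance(v, float) else v
                     for k, v in row.items()})
```

Comparing these three flags across seeds separates "target not top-ranked" from "target top-ranked but under threshold", which are different failure modes of the detector.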

Got a weird problem when running Beatrix.py

Thank you for your work and code!
I noticed your code mentions the celeba dataset, so I tried to run the code on the celeba dataset. When I run train.py, some config seems weird, like Clean Accuracy:0.000, Cross Accuracy:0.000.
When I run Beatrix.py, I set clean_data_perclass = 1, but there is an error:
RuntimeError: cannot reshape tensor of 0 elements into shape [0, 256, -1] because the unspecified dimension size -1 can be any value and is ambiguous.
I skipped empty data, but at last the J_t is empty.
I am a rookie in that area; if you are free, can you offer some help with this? Thanks for your time!
Here is my email: [email protected]

Got unsatisfactory results when detecting poison/trojan data

Hi, thank you for your well-done work and for sharing the code with the public~
However, when I tried to use your code to detect poison data by using my own IAD backdoor models (including mnist, cifar10, gtsrb), I got some results that seemed not very good. Specifically, the picture is the result of mnist and a 2Conv+2Dense model; the target class is 0 and I utilized the output of the penultimate dense layer.
'true_positive_95' and 'true_positive_99' are computed according to your related code (my IAD train and eval code is almost like yours).
I trained cifar10 and gtsrb on Resnet18 but also got bad results (using the output of the last conv layer).
Can you offer some help to me? :)
