You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I want a clarification of which attack in the ART is Black box attack or White box attack?
When I read the documentation the parameter 'classifier' defined as : trained classifier , proxy classifier or classifier(neither trained nor proxy mentioned)
I believe that the trained classifier refers to a white box attack so the attack has the victim classification model that we want to poison its test dataset , whereas the proxy classifier refers to a backbox attack in which a general classifier model should be defined without training.
In the documentation, I noticed that, for example, GRAPHITE - Blackbox and GRAPHITE - whitebox have both classifier parameter defined as trained classifier!! Blackbox should perhaps use a proxy classifier??
I also tried to follow the examples and notebooks but some of the classifiers are trained before they pass to the attack model, although in the documentation the parameter 'classifier' defined as proxy classifier!!
I am confused which attack model needs trained classifier of the victim classification model, or maybe a trained classifier of the general classification model( any trained model), or proxy classifier without training.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
Hi
I want a clarification of which attack in the ART is Black box attack or White box attack?
When I read the documentation the parameter 'classifier' defined as : trained classifier , proxy classifier or classifier(neither trained nor proxy mentioned)
I believe that the trained classifier refers to a white box attack so the attack has the victim classification model that we want to poison its test dataset , whereas the proxy classifier refers to a backbox attack in which a general classifier model should be defined without training.
In the documentation, I noticed that, for example, GRAPHITE - Blackbox and GRAPHITE - whitebox have both classifier parameter defined as trained classifier!! Blackbox should perhaps use a proxy classifier??
I also tried to follow the examples and notebooks but some of the classifiers are trained before they pass to the attack model, although in the documentation the parameter 'classifier' defined as proxy classifier!!
I am confused which attack model needs trained classifier of the victim classification model, or maybe a trained classifier of the general classification model( any trained model), or proxy classifier without training.
Can you clarify this for me please?
Best regards
Duaa
Beta Was this translation helpful? Give feedback.
All reactions