Question: How is PTA calculated? #1
Hey, thanks for your interest in the paper! As for calculating This metric is widely used in the literature (sometimes referred to as Attack Success Rate) and accentuates the adversary's end goal of yielding the target label I should note that due to the quality of the models and the choices of source class(es) and target class(es), the proposed metric and ours end up yielding almost identical results. As you point out the PTA at Let me know if you have any other questions, if not I'll close this issue.
Thank you for the paper. I want to clarify how Poisoning Test Accuracy (PTA) is calculated in your paper. In particular, I want to ask if you accounted for the model's own mistakes independent of your attack. For example, in your main table, even with 0% corruption you reported a non-zero PTA. In those cases, did you check whether, without your trigger, the model still predicts the target label? If so, it does not seem like it would be to the credit of the attack. I'd imagine a fair calculation of PTA would only count cases where the model predicted a true label but got flipped to the target label because of the trigger. My apologies if I missed this discussion in the paper.
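The two ways of counting discussed in this thread, side by side, as an added example that is not code from the paper or this repository. The function name, the label values and both denominators are assumptions: the first rate counts every triggered non-target input classified as the target label, the stricter rate counts only inputs the model classified correctly before the trigger was applied.

```python
from dataclasses import dataclass

@dataclass
class Rates:
    asr: float           # triggered inputs classified as the target label
    clean_target: float  # same inputs, no trigger, already classified as target
    flip: float          # clean-correct inputs that the trigger moves to target

def backdoor_rates(true, clean_pred, trig_pred, target):
    """Per-sample label lists for the same test inputs, without and with the trigger.

    Samples whose true label is the target are skipped: they cannot count as a
    success for the attack under either definition.
    """
    rows = [(t, c, p) for t, c, p in zip(true, clean_pred, trig_pred) if t != target]
    if not rows:
        raise ValueError("no non-target samples to evaluate")
    n = len(rows)
    asr = sum(p == target for _, _, p in rows) / n
    clean_target = sum(c == target for _, c, _ in rows) / n
    # Assumed denominator for the stricter metric: inputs the model got right
    # before the trigger was applied.
    correct = [(c, p) for t, c, p in rows if c == t]
    flip = sum(p == target for _, p in correct) / len(correct) if correct else 0.0
    return Rates(asr, clean_target, flip)

# Constructed data: 10 source-class inputs (label 0), target label 1.
TRUE = [0] * 10
CLEAN = [0, 0, 0, 0, 0, 0, 0, 0, 1, 1]            # two ordinary mistakes
TRIG_UNPOISONED = list(CLEAN)                     # trigger changes nothing
TRIG_BACKDOORED = [1, 1, 1, 1, 1, 1, 1, 0, 1, 1]  # trigger flips 7 of the 8 correct

if __name__ == "__main__":
    print("0% poisoning:", backdoor_rates(TRUE, CLEAN, TRIG_UNPOISONED, 1))
    print("backdoored:  ", backdoor_rates(TRUE, CLEAN, TRIG_BACKDOORED, 1))
```

On the constructed un-poisoned model the first rate is non-zero purely because of clean misclassifications, while the stricter rate is zero; reporting `clean_target` next to either number makes that baseline visible.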