Project work done on the "Poisoning the Unlabeled Dataset of Semi-Supervised Learning" paper.
This is a Semi-supervised learning model (Ladder Network) that recognizes the digits in the MNIST database. Following, a few attacks were executed with the target of misclassifying 4s with 9s.
| Test Accuracy | 9s misclassified as 4s | 4s misclassified as 9s | |
|---|---|---|---|
| Supervised model | 98.88% | 0.4% | 0.5% |
| Non-poisoned model | 95.46% | 2.3% | 2.7% |
| Latent space model 3% | 92.90% | 0.9% | 9.3% |
| Image space model 3% | 89.04% | 11.8% | 47.6% |
| Image space model 1% | 94.21% | 1.7% | 3.1% |
The project has 2 folders:
confusion_matrices, which contains the confusion matrix of each attack run;poisoned_data, which contains the poisoned data used for the attacks;
The code is separated in 3 files:
interpolation.py, which creates the poisoned dataset;ladder_net.py, which defines the Semi-supervised learning model;mnist_example.py, which trains and poison the model;