Question about dataset poison.
In the poisoned_mujoco_xxx.py files, where xxx represents the algorithm name, there are two lines of code used to replace the clean data samples with poisoned data samples:
```python
train_episodes, test_episodes = train_test_split(dataset, test_size=args.poison_rate, shuffle=False)
train_poison_episodes, test_poison_episodes = train_test_split(poison_dataset,
                                                               train_size=args.poison_rate,
                                                               shuffle=False)
```
I have two questions.
- It seems the poisoned data samples are not randomly selected but a certain percent of data from the beginning is selected given that the train_test_split function without shuffle divides the train and test set in its original order. For example, if poison_rate is 0.1, then the first 10% of the data samples are selected to be poisoned, is that correct?
- It looks like the second line of code selects the first 10% of data samples to poison, but the first line of code chooses to drop the last 10% of data samples, and the poisoned data samples from the first 10% actually replace the last 10% of clean data samples. This is not aligned with the paper. From the paper, the poisoned data samples should replace themselves instead of other clean data samples, is that correct? If yes, the argument of the second line of code should be test_size=args.poison_rate, or the argument of the first line of code should be train_size=args.poison_rate, right?
For the first question, it is correct.
You’re right about the second question! It should be test_size=args.poison_rate. This code is indeed used for adding poisoned data directly to the clean dataset as demonstrated in RQ1; we overlooked the need to change them afterward. Thank you for your reminder. Please feel free to change them.
Thank you for your clarification!
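The index mismatch discussed in this thread can be checked with the following added example, which is not code from the repository. `ordered_split` is a hypothetical stand-in that mirrors how scikit-learn's `train_test_split` sizes and orders its outputs when `shuffle=False`; the example assumes that poisoned episode `i` is the poisoned version of clean episode `i`, and that after the fix the poisoned samples are taken from the second returned value.

```python
import math

def ordered_split(items, train_size=None, test_size=None):
    """Stand-in for train_test_split(..., shuffle=False): order is preserved,
    test count is rounded up, train count is rounded down."""
    n = len(items)
    if test_size is not None:
        n_test = math.ceil(test_size * n)
        n_train = n - n_test
    else:
        n_train = math.floor(train_size * n)
        n_test = n - n_train
    return items[:n_train], items[n_train:n_train + n_test]

def mix_as_posted(n, rate):
    """Index sets produced by the two lines quoted in the issue."""
    episodes = list(range(n))  # constructed data: one index per episode
    clean_kept, _ = ordered_split(episodes, test_size=rate)      # drops the tail
    poisoned_used, _ = ordered_split(episodes, train_size=rate)  # takes the head
    return clean_kept, poisoned_used

def mix_aligned(n, rate):
    """Same, with test_size=rate on the second line (assumed: the poisoned
    samples are then the second returned value)."""
    episodes = list(range(n))
    clean_kept, _ = ordered_split(episodes, test_size=rate)
    _, poisoned_used = ordered_split(episodes, test_size=rate)   # takes the tail
    return clean_kept, poisoned_used

def audit(clean_kept, poisoned_used, n):
    """Return (indices present both clean and poisoned, indices missing entirely)."""
    clean_idx, poison_idx = set(clean_kept), set(poisoned_used)
    duplicated = sorted(clean_idx & poison_idx)
    missing = sorted(set(range(n)) - clean_idx - poison_idx)
    return duplicated, missing

if __name__ == "__main__":
    n, rate = 20, 0.1
    print("as posted:", audit(*mix_as_posted(n, rate), n))
    print("aligned:  ", audit(*mix_aligned(n, rate), n))
```

Running the same audit over the real episode indices before training confirms whether a run replaced samples in place or added poisoned copies alongside their clean originals.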