Dear Sir/Madam, thanks for your great work! I'm trying to re-implement the same results that you show on the Trojanzoo paper. However, I'm confused about the res of ESB in Table4. Could you please tell me how you generate the validate target dataset for ESB method? Cause it requires the specific triggers while these triggers don't exist in the trojanvision/marks dir.

This is Ren Pang (♂). Here is the method that generates black/white triggers for ESB attack. Basically, for 3*3 pixel triggers, it generates all combinations (select_point pixels are black, others are white). Shuffle them and pick the first (num_classes + 1) triggers to train the small classifier (the auxiliary 1 is the class of clean data). After training, all classes will be embedded with their unique triggers.

The mark_path argument passed to Watermark class will be ignored, since ESB requires its unique watermark settings. In paper, we compare ESB and other attacks under same transparency and trigger size.

But to note that, even though ESB in current repo works already, I'm currently preparing codes and docs for TrojanZoo publication in EuroS&P. ESB is not finished yet and it will surely get changed. Upon your request, I may work on it today and hopefully finish the docs and new codes.

And another thing you may feel interested, the original author of ESB previously complained to me about the low successful rate on transparent trigger cases. He proposed that I should change the training process to make it work, but I haven't applied his suggestion yet. See #46 for more details.

Please ignore all previous replies and read the new docs:

https://ain-soph.github.io/trojanzoo/trojanvision/attacks/backdoor.html#trojanvision.attacks.TrojanNet

@5RJ I'll close this issue if you have got things solved.
The updated TrojanNet docs should have a clear illustration.

You may click [source] to jump to corresponding codes on GitHub.

Feel free to reopen the issue and ask me questions.