adaptive

index.html

@@ -39,17 +39,14 @@
         e.preventDefault();
         if (!$(this).hasClass('selected')) {
 
-            console.log('event')
             $('.formula').hide(200);
             $('.formula-list > a').removeClass('selected');
             $(this).addClass('selected');
             var target = $(this).attr('href');
-            // alert(target)
-            console.log(target)
             $(target).show(200);
         }
     });
-    
+
   })
   </script>
 
@@ -253,15 +250,11 @@
   <div class="container is-max-desktop">
     <h2 class="title is-3">Neighborhood Relations of Benign Examples and AEs</h2>
     <div class="columns is-centered">
-      <div class="column container-centered is-four-fifths">
+      <div class="column container-centered">
           <img src="./static/images/relations.jpg" alt="Neighborhood Relations of Benign Examples and AEs"/>
-      </div>
-    </div>
-    <div class="columns is-centered">
-      <div class="column has-text-justified is-four-fifths">
-        <p>
-          <strong>Figure 1. Neighborhood Relations of Benign Examples and AEs.</strong>
-        </p>
+          <p>
+            <strong>Figure 1. Neighborhood Relations of Benign Examples and AEs.</strong>
+          </p>
       </div>
     </div>
     <div class="columns is-centered">
@@ -422,6 +415,23 @@
 
   <div class="container is-max-desktop">
     <h2 class="title is-3">Adaptive Attack</h2>
+
+    <div class="columns is-centered">
+      <div class="column has-text-justified">
+        <p>
+          Attackers can design adaptive attacks to try to bypass BEYOND when the attacker knows all the parameters of the model 
+          and the detection strategy. For an SSL model with a feature extractor $$f$$, a projector $$h$$, and a classification head $$g$$, 
+          the classification branch can be formulated as $$\mathbb{C} = f\circ g$$ and the representation branch as $$\mathbb{R} = f\circ h$$. 
+          To attack effectively, the adversary must deceive the target model while guaranteeing the label consistency and representation similarity of the SSL model. 
+
+          where $$\mathcal{S}$$ represents cosine similarity, $$k$$ represents the number of generated neighbors, 
+          and the linear augmentation function $$W(x)=W(x,p);~p\sim P$$ randomly samples $$p$$ from the parameter distribution $$P$$ to generate different neighbors. 
+          Note that we guarantee the generated neighbors are fixed each time by fixing the random seed. The adaptive adversaries perform attacks on the following objective function:
+
+          where $$\mathcal{L}_C$$ indicates classifier's loss function, $$y_t$$ is the targeted class, and $$\alpha$$ refers to a hyperparameter.
+      </div>
+    </div>
+
     <div class="columns is-centered">
       <div class="column container-centered">
         <div id="adaptive-loss-formula" class="container">
@@ -435,17 +445,17 @@
             <span id="label-loss" class="formula" style="">
               $$
               \displaystyle 
-              Loss_{l} = \frac{1}{k} \sum_{i=1}^{k} \mathcal{L}\left(\mathbb{C}\left(W^i(x+\delta)  \right), y_t\right)
+              Loss_{label} = \frac{1}{k} \sum_{i=1}^{k} \mathcal{L}\left(\mathbb{C}\left(W^i(x+\delta)  \right), y_t\right)
               $$
             </span>
             <span id="representation-loss" class="formula" style="display: none;">
               $$
               \displaystyle
-              Loss_{r} = \frac{1}{k} \sum_{i=1}^{k}\mathcal{S}(\mathbb{R}(W^i(x+\delta)), \mathbb{R}(x+\delta))
+              Loss_{repre} = \frac{1}{k} \sum_{i=1}^{k}\mathcal{S}(\mathbb{R}(W^i(x+\delta)), \mathbb{R}(x+\delta))
               $$
             </span>
             <span id="total-loss" class="formula" style="display: none;">
-              $$\displaystyle \mathcal{L}_C(x+\delta, y_t) + Sim_l - \alpha \cdot Sim_{r}$$
+              $$\displaystyle \mathcal{L}_C(x+\delta, y_t) + Loss_{label} - \alpha \cdot Loss_{repre}$$
             </span>
           </div>
           </div>