Examples for text + classification task about breaching HOT 5 CLOSED

A first step would be to load the whole cola config group, via case=cola. Does that get you somewhere?

I haven't looked at classification tasks in forever. In principle, the attack as described would also run against classification (the head of the model does not matter), but some tweaks to the code might be necessary to make it work.

from breaching.

Hi Jonas, thanks for the reply,

I included the "case/data=cola", but I got the same error. It was simple to solve, though. The reason is that
load_dataset("glue", "cola") already returns a Dataset. Thus, I changed, for now, in dataset_texts.py

raw_dataset = Dataset.from_dict({k: [v] for k, v in raw_datapoint.items()})

to

raw_dataset = raw_datapoint  # It is already a Dataset

However, I face later something I have no idea how to solve or tweak. The following assert in base_attack.py fails

assert len(bias_per_query[0]) == server_payload[0]["metadata"]["vocab_size"]

The bias_per_query[0] has length 768 (hidden layer size), whereas it was expecting 30522 (Bert's vocabulary size). If I comment the line (which I think is wrong), the code runs till the end, but all the tokens are predicted as CLS, so I think I should tweak something else. By any chance, would have any idea?

from breaching.

This is a problem, your decoder_bias_parameter_idx should be None, to indicate that your model does not have a decoder bias for every token (as it ends with a classification head). Also, make sure that embedding_parameter_idx points to the correct entry in the list of gradients, corresponding to the weights of the token embedding.

from breaching.

As a sanity check, you could also set token_strategy to None, which should be an okaish baseline, where no token info is used, and all found embeddings are matched against the full vocabulary.

from breaching.

Closing this for now. Let me know if you have more questions.

from breaching.