Update README.md

README.md

@@ -22,16 +22,16 @@ Currently, this toolbox is still under development (but the attack parts are alm
 |                                                    **Method**                                                   |       **Source**      | **Key Properties**                                         | **Additional Notes**                                                    |
 |:---------------------------------------------------------------------------------------------------------------:|:---------------------:|------------------------------------------------------------|-------------------------------------------------------------|
 |             [BadNets](https://github.com/THUYimingLi/BackdoorBox/blob/main/core/attacks/BadNets.py)             |   Badnets: Evaluating Backdooring Attacks on Deep Neural Networks. [IEEE Access, 2019](https://ieeexplore.ieee.org/abstract/document/8685687).   | poison-only                                                | first backdoor attack                                       |
-|          [Blended Attack](https://github.com/THUYimingLi/BackdoorBox/blob/main/core/attacks/Blended.py)         |      Targeted Backdoor Attacks on Deep Learning Systems Using Data Poisoning. [arXiv, 2017](https://arxiv.org/pdf/1712.05526.pdf).      | poison-only, invisible                                     | first invisible attack                                      |
+|          [Blended](https://github.com/THUYimingLi/BackdoorBox/blob/main/core/attacks/Blended.py)         |      Targeted Backdoor Attacks on Deep Learning Systems Using Data Poisoning. [arXiv, 2017](https://arxiv.org/pdf/1712.05526.pdf).      | poison-only, invisible                                     | first invisible attack                                      |
 |    [Refool (simplified version)](https://github.com/THUYimingLi/BackdoorBox/blob/main/core/attacks/Refool.py)   |       Reflection Backdoor: A Natural Backdoor Attack on Deep Neural Networks. [ECCV, 2020](https://arxiv.org/pdf/2007.02343.pdf).      | poison-only, sample-specific                               | first stealthy attack with visible yet natural trigger      |
-| [Label-consistent Attack](https://github.com/THUYimingLi/BackdoorBox/blob/main/core/attacks/LabelConsistent.py) |     Label-Consistent Backdoor Attacks. [arXiv, 2019](https://arxiv.org/pdf/1912.02771.pdf).      | poison-only, invisible, clean-label                        | first clean-label backdoor attack                           |
+| [LabelConsistent](https://github.com/THUYimingLi/BackdoorBox/blob/main/core/attacks/LabelConsistent.py) |     Label-Consistent Backdoor Attacks. [arXiv, 2019](https://arxiv.org/pdf/1912.02771.pdf).      | poison-only, invisible, clean-label                        | first clean-label backdoor attack                           |
 | [TUAP](https://github.com/THUYimingLi/BackdoorBox/blob/main/core/attacks/TUAP.py) |      Clean-Label Backdoor Attacks on Video Recognition Models. [CVPR, 2020](http://openaccess.thecvf.com/content_CVPR_2020/papers/Zhao_Clean-Label_Backdoor_Attacks_on_Video_Recognition_Models_CVPR_2020_paper.pdf).      | poison-only, invisible, clean-label                        | first clean-label backdoor attack with optimized trigger pattern                          |
-| [Sleeper Agent](https://github.com/THUYimingLi/BackdoorBox/blob/main/core/attacks/SleeperAgent.py) |      Sleeper Agent: Scalable Hidden Trigger Backdoors for Neural Networks Trained from Scratch. [arXiv, 2021](https://arxiv.org/pdf/2106.08970.pdf).      | poison-only, invisible, clean-label                        | effective clean-label backdoor attack                         |
+| [SleeperAgent](https://github.com/THUYimingLi/BackdoorBox/blob/main/core/attacks/SleeperAgent.py) |      Sleeper Agent: Scalable Hidden Trigger Backdoors for Neural Networks Trained from Scratch. [arXiv, 2021](https://arxiv.org/pdf/2106.08970.pdf).      | poison-only, invisible, clean-label                        | effective clean-label backdoor attack                         |
 |               [ISSBA](https://github.com/THUYimingLi/BackdoorBox/blob/main/core/attacks/ISSBA.py)               |       Invisible Backdoor Attack with Sample-Specific Triggers. [ICCV, 2021](https://arxiv.org/pdf/2012.03816.pdf).      | poison-only, sample-specific, physical                     | first poison-only sample-specific attack                    |
 |               [WaNet](https://github.com/THUYimingLi/BackdoorBox/blob/main/core/attacks/WaNet.py)               |       WaNet - Imperceptible Warping-based Backdoor Attack. [ICLR, 2021](https://openreview.net/pdf?id=eEn8KTtJOx).      | poison-only, invisible, sample-specific                    |                                                             |
-|   [Blind Backdoor (blended-based)](https://github.com/THUYimingLi/BackdoorBox/blob/main/core/attacks/Blind.py)  | Blind Backdoors in Deep Learning Models. [USENIX Security, 2021](https://arxiv.org/pdf/2005.03823.pdf). | training-controlled                                        | first training-controlled attack targeting loss computation |
+|   [Blind (blended-based)](https://github.com/THUYimingLi/BackdoorBox/blob/main/core/attacks/Blind.py)  | Blind Backdoors in Deep Learning Models. [USENIX Security, 2021](https://arxiv.org/pdf/2005.03823.pdf). | training-controlled                                        | first training-controlled attack targeting loss computation |
 |      [Input-aware Dynamic Attack](https://github.com/THUYimingLi/BackdoorBox/blob/main/core/attacks/IAD.py)     |     Input-Aware Dynamic Backdoor Attack. [NeurIPS, 2020](https://arxiv.org/pdf/2010.08138.pdf).     | training-controlled, optimized, sample-specific            | first training-controlled sample-specific attack            |
-|        [Physical Attack](https://github.com/THUYimingLi/BackdoorBox/blob/main/core/attacks/PhysicalBA.py)       |  Backdoor Attack in the Physical World. [ICLR Workshop, 2021](https://arxiv.org/pdf/2104.02361.pdf).  | training-controlled, physical                              | first physical backdoor attack                              |
+|        [PhysicalBA](https://github.com/THUYimingLi/BackdoorBox/blob/main/core/attacks/PhysicalBA.py)       |  Backdoor Attack in the Physical World. [ICLR Workshop, 2021](https://arxiv.org/pdf/2104.02361.pdf).  | training-controlled, physical                              | first physical backdoor attack                              |
 |                [LIRA](https://github.com/THUYimingLi/BackdoorBox/blob/main/core/attacks/LIRA.py)                |       LIRA: Learnable, Imperceptible and Robust Backdoor Attacks. [ICCV, 2021](https://openaccess.thecvf.com/content/ICCV2021/papers/Doan_LIRA_Learnable_Imperceptible_and_Robust_Backdoor_Attacks_ICCV_2021_paper.pdf).      | training-controlled, invisible, optimized, sample-specific |                                                             |
 
 **Note**: For the convenience of users, all our implemented attacks support obtaining poisoned dataset (via `.get_poisoned_dataset()`), obtaining infected model (via `.get_model()`), and training with your own local samples (loaded via `torchvision.datasets.DatasetFolder`). Please refer to [base.py](https://github.com/THUYimingLi/BackdoorBox/blob/main/core/attacks/base.py) and the attack's codes for more details.