Comments (7)
model which has classes instead of multiple classes
I think there is a word missing ;-)
Why not? BoundaryAttack should work with any number of classes.
from foolbox.
Hi,
I used the following code:
with tf.Session() as sess:
load(sess, FLAGS.load_model, saver_inception)
img = x_test[10]
label = y_test[10]
criterion = Misclassification()
model = TensorFlowModel(x_tensor, logits_inception, bounds=(0, 255))
attack = BoundaryAttack(model, criterion)
img_adv = attack(img, label[0], verbose=True)
But it returns warning like this:
/home/zhengwei/python2.7/local/lib/python2.7/site-packages/foolbox/attacks/blended_noise.py:37: UserWarning: BlendedUniformNoiseAttack failed to draw a random image that is adversarial.
warnings.warn('BlendedUniformNoiseAttack failed to draw a'
/home/zhengwei/python2.7/local/lib/python2.7/site-packages/foolbox/attacks/base.py:102: UserWarning: BlendedUniformNoiseAttack did not find an adversarial, maybe the model or the criterion is not supported by this attack.
warnings.warn('{} did not find an adversarial, maybe the model or the criterion is not supported by this attack.'.format(self.name())) # noqa: E501
/home/zhengwei/python2.7/local/lib/python2.7/site-packages/foolbox/attacks/boundary_attack.py:218: UserWarning: Initialization failed. If the criterion is targeted, it might be necessary to pass an explicit starting point or targeted initialization attack.
'Initialization failed. If the criterion is targeted,'
/home/zhengwei/python2.7/local/lib/python2.7/site-packages/foolbox/attacks/base.py:102: UserWarning: BoundaryAttack did not find an adversarial, maybe the model or the criterion is not supported by this attack.
warnings.warn('{} did not find an adversarial, maybe the model or the criterion is not supported by this attack.'.format(self.name())) # noqa: E501
It seems that BoundaryAttack cannot find the adversarial input for the model? Can you give me some help on this? Thanks.
from foolbox.
Well, the BoundaryAttack tries to find an initial (possibly very large) adversarial perturbation to start with (to minimize further). By default (if nothing else is specified), it does so by drawing a random input and usually that one will have the wrong class. If you only have two classes, this will only work 50% of time (or maybe even less often your classes aren't balanced, etc.).
There are many ways to fix this. For example you could manually pass a starting_point to the BoundaryAttack:
img_adv = attack(img, label[0], verbose=True, starting_point=...)
Such a starting_point should have the same format as your input image; it should basically just be an image from another class.
Before you do any of that you should however make sure that it's really necessary. The BlendedUniformNoiseAttack used as initialization tries 1000 times and in principle (if your bounds are set correctly) that should also work for two classes. Could it be that random noise images are always classified as the same class? It that case, the starting_point approach as described above should help
from foolbox.
from foolbox.
Did you check the output of fmodel.predictions(starting_point)
, where fmodel
is the Foolbox model that wraps your model. The output should be the logits for the two classes. Could it be that the preprocessing or so are wrong?
In any case, please share the acutal code (or a minimal example that demonstrates the problem), otherwise it's hard to help.
from foolbox.
Oh, and please post the error message properly formatted (e.g. by marking it as code on GitHub; don't reply via mail).
from foolbox.
Closing because there has been no activity. Please reopen if the problem still exists.
from foolbox.
Related Issues (20)
- Example Code Running Failed HOT 1
- [tests/test_models] The results of `transform_bounds` are inconsistent between CPU and GPU. HOT 3
- Are there any plans to support attacks on TFLite models? HOT 1
- Changing CUDA device at runtime HOT 1
- Logit optimization
- about PGD attack HOT 2
- specifying criterion fails with TypeError HOT 2
- "nll_loss_forward_no_reduce_cuda_kernel_index" not implemented for 'Float' HOT 3
- Deprecation warning using old scipy namespace for gaussian_filter
- how to define the bounds HOT 2
- About the pgd attacks HOT 1
- how to use GaussianBlurAttack HOT 1
- FGSM TargetedMisclassfication HOT 1
- Use foolbox for multi-label classification HOT 1
- Local datasets supported?
- Is there a criterion for query budget? HOT 1
- It seems like the 'success' value in the return of the 'attack' function is overconfident. HOT 2
- About Carlini-Wagner Attack
- Are the wrong classified images sorted out? HOT 1
- It seems your CI/CD has a bug. HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from foolbox.