Comments (7)
I have implemented this for some of my experiments for similar results. I used the code they released here
I only have the Max norm bounded attack though. It should be simple to add an option for restarts. And to implement the L2 bounded attack
One thing to note is that their PGD attack adds random noise at the start by default, which conflicted with Foolbox's bounds checking. So I clipped after adding noise, I think there should be a way around this.
from foolbox.
@neale how would I use your PGD attack on a Keras model that I have trained?
Edit: Nevermind I see this in your implementation
from foolbox.
Hi @neale, thanks for sharing. You can pass strict=False
when calling a.gradient
to bypass the bounds checking.
from foolbox.
Can we Pull his PGD implementation if it works? This seems extremely useful.
@neale code only works with Python 2.7 it seems.
File "/usr/local/lib/python3.5/dist-packages/foolbox/attacks/__init__.py", line 4, in <module>
from .momentum_attack import MIM, MomentumIterativeAttack
File "/usr/local/lib/python3.5/dist-packages/foolbox/attacks/momentum_attack.py", line 42
print "mim success norm: ", np.max(np.abs(perturbed - image))
Print function is not py 3.5 compliant. I am not sure what else in the library is not compliant as well.
Also what is the most performant way to generates lots of adversarial examples based on a trained model in your opinion?
from foolbox.
@pGit1 I haven't had a chance to finish this implementation.
It should be very easy to port/integrate yourself in the meantime. The changes to 3.5 are trivial I think.
My stuff isn't connected to the main Foolbox tree at all. I think everything there is 3.5 compliant. I just have these attacks that I needed for my own work. If I'm not too late, I'll get around to cleaning them up.
Performant as in fast? Just apply FGSM.
from foolbox.
No you arent too late. Thanks for the reply! I like how you implemented both PGD and Momentum attack! Two options I have at this point: 1) Just wait for your clean up and clone/pip install your repo 2) Fork the repo and clean it up where there are issues (I cant do a keyword search on a fork so I didnt know how extensive the py 2.7 artifacts had made there way into the codebase).
For the momentum attack I notice these two differences in the code:
- def _apply(self, a, u=1.0, epsilon=.3, eps_iter=0.06, nb_iter=10):
+ def _apply(self, a, epsilons=[0.3, 0.5, 1.0], eps_iter=0.06, nb_iter=10):
EDIT: Yes @neale performant as in fast but for PGD and Momentum attack as well. Trying to come up with some easy code that generates lots of adversarial samples for different attacks.
Should one be preferred over the other?
from foolbox.
closed by #171
from foolbox.
Related Issues (20)
- Example Code Running Failed HOT 1
- [tests/test_models] The results of `transform_bounds` are inconsistent between CPU and GPU. HOT 3
- Are there any plans to support attacks on TFLite models? HOT 1
- Changing CUDA device at runtime HOT 1
- Logit optimization
- about PGD attack HOT 2
- specifying criterion fails with TypeError HOT 2
- "nll_loss_forward_no_reduce_cuda_kernel_index" not implemented for 'Float' HOT 3
- Deprecation warning using old scipy namespace for gaussian_filter
- how to define the bounds HOT 2
- About the pgd attacks HOT 1
- how to use GaussianBlurAttack HOT 1
- FGSM TargetedMisclassfication HOT 1
- Use foolbox for multi-label classification HOT 1
- Local datasets supported?
- Is there a criterion for query budget? HOT 1
- It seems like the 'success' value in the return of the 'attack' function is overconfident. HOT 2
- About Carlini-Wagner Attack
- Are the wrong classified images sorted out? HOT 1
- It seems your CI/CD has a bug. HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from foolbox.