Comments (5)
There are basically four things that the code does:
(1) Use a hinge loss as defined in the paper. Make sure you do this PRE-SOFTMAX, otherwise things will not be correct.
(2) Use a better optimizer than standard SGD. Exactly which one shouldn't be important.
(3) Choose the lagrangian multiplier through binary search.
(4) Run for many iterations.
If you're testing on MNIST, then you should be able to set the lagrangian multiplier to 10.0 or so as a baseline. If you use a learning rate of 10^-1, then only 100 iterations should give approximately reasonable numbers. Those settings should give reasonable results if everything else is correct.
from nn_robust_attacks.
Thanks! I'm now testing on CIFAR-10, and I set learning rate: 0.1, iterations: 100, binary search step: 1. I guess I will try MNIST first and see what's going on.
from nn_robust_attacks.
Those settings should be reasonable, too. I would recommend verifying you are doing the pre-softmax correctly. If you do things post-softmax, results are very bad.
from nn_robust_attacks.
Thanks for your suggestions. I finally solved this issue by letting the learning rate decay to its half every 20 iterations (max iterations: 100) and then all adversarial samples could be found. So I guess the issue is mainly caused by the Adam optimizer of Pytorch, since with Tensorflow one could get desirable results without decaying the learning rate of Adam.
from nn_robust_attacks.
Thanks for the update. That's interesting. Adam is supposed to set the learning rate adaptively, so not sure why the pytorch one isn't doing it.
from nn_robust_attacks.
Related Issues (20)
- How to control the pixel number to be noised ? HOT 2
- About the settings for imagenet HOT 3
- modifier always equals zero
- no boxmin and boxmax in L_0 and L_inf
- Misleading printing?
- TODO
- Low validation accuracy of CIFAR HOT 2
- Any adversarial attack that sustains after resize attack HOT 1
- L_inf always fails if abort_early is False
- I want to attack my own model training by tensorflow2.0. HOT 2
- L2 untargeted attack not working?! HOT 2
- Unable to open file HOT 1
- Unable to run train_models.py HOT 2
- Unsuccessful TensorSliceReader constructor HOT 1
- What version of tensorflow + keras? HOT 1
- why 10000 in your code,what's the meaning?Thanks!!! HOT 2
- What are the keras and tensorflow imported in the code?
- question for self.newimg in l2_attack
- GZip error HOT 2
- L2 regularization term is squared. Why here specifically? Which impact?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from nn_robust_attacks.