Comments (2)
There are two types of attacks:
- Maximize adversarialness subject to the distortion being less than some threshold.
- Minimize distortion subject to the image being adversarial.
This attack is of the second flavor. So you can't directly control how many pixels are perturbed, it will keep shrinking the number of pixels until it can't succeed any more.
The simplest thing to do is just to run the attack and then at the end check if the number of pixels that changed is less than your threshold. If yes, the attack succeeded. Slightly more efficient would be to add an extra check around here
https://github.com/carlini/nn_robust_attacks/blob/master/l0_attack.py#L228
That will break out of the loop if equal_count > threshold
.
from nn_robust_attacks.
There are two types of attacks:
- Maximize adversarialness subject to the distortion being less than some threshold.
- Minimize distortion subject to the image being adversarial.
This attack is of the second flavor. So you can't directly control how many pixels are perturbed, it will keep shrinking the number of pixels until it can't succeed any more.
The simplest thing to do is just to run the attack and then at the end check if the number of pixels that changed is less than your threshold. If yes, the attack succeeded. Slightly more efficient would be to add an extra check around here
https://github.com/carlini/nn_robust_attacks/blob/master/l0_attack.py#L228
That will break out of the loop ifequal_count > threshold
.
Yes, I have tried this method as your instruction and the result is okay!
equal_count = self.image_size**2-np.sum(np.all(np.abs(img-nimg[0])<.0001,axis=2))
if equal_count <threshold:
return last_solution
Thanks so much !
from nn_robust_attacks.
Related Issues (20)
- About the settings for imagenet HOT 3
- modifier always equals zero
- no boxmin and boxmax in L_0 and L_inf
- Misleading printing?
- TODO
- Low validation accuracy of CIFAR HOT 2
- Any adversarial attack that sustains after resize attack HOT 1
- L_inf always fails if abort_early is False
- I want to attack my own model training by tensorflow2.0. HOT 2
- L2 untargeted attack not working?! HOT 2
- Unable to open file HOT 1
- Unable to run train_models.py HOT 2
- Unsuccessful TensorSliceReader constructor HOT 1
- What version of tensorflow + keras? HOT 1
- why 10000 in your code,what's the meaning?Thanks!!! HOT 2
- What are the keras and tensorflow imported in the code?
- question for self.newimg in l2_attack
- GZip error HOT 2
- L2 regularization term is squared. Why here specifically? Which impact?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from nn_robust_attacks.