Comments (8)
You calculate the reference label like this: `label = numpy.argmax(fmodel.predictions(image))`, i.e. with RGB color channel ordering, but the network expects BGR and you also use BGR when running the attack: `adversarial = attack(image[:,:,::-1], label, unpack=False)`.
Therefore, the reference label and the prediction for the input image made by the attack differ and the original image is misclassified.
In other words: just use `label = numpy.argmax(fmodel.predictions(image[:, :, ::-1]))` to get the reference label.
However, I think Foolbox should abstract away the color channel ordering (RGB vs. BGR) as part of the preprocessing so that the user does not run into these issues. I will probably add this to the next Foolbox release. Thanks @neale!
P.S.: when I run the code in your gist, I do get a warning that helped me track down this problem:
.../foolbox/attacks/base.py:93: UserWarning: Not running the attack because the original image is already misclassified and the adversarial thus has a distance of 0.
Do you get this warning as well, @neale, or is it hidden because of your python configuration? In that case, it would be good to know so that we can make sure that users see the warnings.
from foolbox.
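The mismatch diagnosed in the comment above, as an added example that is not part of the original thread or of Foolbox: a constructed linear stand-in model (`predictions`, `W_BGR`) and a hypothetical `run_attack_guarded` pre-flight check show how a label taken from the RGB view disagrees with the model's prediction on the BGR array the attack receives. The warning is promoted to an error so that a skipped attack cannot be hidden by the Python warning configuration.

```python
import warnings
import numpy as np

# Constructed stand-in for a BGR-trained classifier: a linear model over
# per-channel means. NOT Foolbox code; it only mimics the shape of the
# fmodel.predictions(image) call quoted in the thread.
W_BGR = np.eye(3)  # class k fires on channel k of a BGR-ordered array

def predictions(image_bgr):
    """Return logits for an HxWx3 array assumed to be in BGR order."""
    return W_BGR @ image_bgr.mean(axis=(0, 1))

def reference_label(image_rgb, reverse_channels):
    """Label computed on the RGB array or on its channel-reversed (BGR) view."""
    x = image_rgb[:, :, ::-1] if reverse_channels else image_rgb
    return int(np.argmax(predictions(x)))

def run_attack_guarded(attack_input, label):
    """Hypothetical pre-flight check: warn and refuse if the model already
    disagrees with `label` on the exact array handed to the attack."""
    predicted = int(np.argmax(predictions(attack_input)))
    if predicted != label:
        warnings.warn("original input already misclassified: label=%d, "
                      "model predicts %d" % (label, predicted), UserWarning)
        return False
    return True

def demo():
    # Constructed 4x4 RGB image that is mostly red.
    rgb = np.zeros((4, 4, 3))
    rgb[..., 0] = 200.0
    rgb[..., 2] = 30.0
    bgr = rgb[:, :, ::-1]
    wrong = reference_label(rgb, reverse_channels=False)  # label from RGB view
    right = reference_label(rgb, reverse_channels=True)   # label from BGR view
    # Promote UserWarning to an exception so the skipped attack is visible
    # regardless of the interpreter's default warning filters.
    with warnings.catch_warnings():
        warnings.simplefilter("error", UserWarning)
        try:
            run_attack_guarded(bgr, wrong)
            caught = False
        except UserWarning:
            caught = True
        ok = run_attack_guarded(bgr, right)
    return wrong, right, caught, ok

if __name__ == "__main__":
    print(demo())
```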
Could you give a minimum working example where this error arises?
from foolbox.
Of course.
The attack just isn't applied in most cases. I figured it was just my images, but I'm only using the ImageNet validation set, so they should be ok as far as that goes.
Here's the test code in a gist
And here is an offending image
This is with a clean pip install, to rule out my edits.
Thanks again!
from foolbox.
@jonasrauber How do you want to abstract channel ordering away? I wouldn't like to introduce anything that is specific to "color channels". Quite the contrary, I'd even like to get rid of the color_channel argument as it is too specific to images. One could nonetheless make it part of the preprocessing in that one can define channel flipping with an additional argument of the type [1,1,-1] (so in this case the spatial axes would not be flipped but the color channel would).
from foolbox.
For now, I will add a `reverse_channel_order` argument (at first I thought about adding a way to specify RGB / BGR, but I also thought that's too image specific). I think the notion of "channels" is general enough for now: we have `channel_axis` (it's not called `color_channel` ;-) ) anyway and cannot easily get rid of it, and every ConvNet (not just for images) has that notion.
If we at some point really get rid of channel_axis and other channel related stuff, we might want to think about a more general preprocessing anyway.
from foolbox.
But where is channel_axis actually being used? As far as I can see it's only used in two or three attacks, right?
from foolbox.
True, some attacks (don't know how many). But let's have this discussion somewhere else.
@neale If your problem is solved, just close the issue.
from foolbox.
Thanks!
from foolbox.