lts4 / deepfool Goto Github PK
View Code? Open in Web Editor NEWA simple and accurate method to fool deep neural networks
A simple and accurate method to fool deep neural networks
Instead of these lines
tf = transforms.Compose([transforms.Normalize(mean=[0, 0, 0], std=map(lambda x: 1 / x, std)),
transforms.Normalize(mean=map(lambda x: -x, mean), std=[1, 1, 1]),
transforms.Lambda(clip),
transforms.ToPILImage(),
transforms.CenterCrop(224)])
it should be like
tf = transforms.Compose([transforms.Normalize(mean=[0, 0, 0], std=list(map(lambda x: 1 / x, std))),
transforms.Normalize(mean=list(map(lambda x: -x, mean)), std=[1, 1, 1]),
transforms.Lambda(clip),
transforms.ToPILImage(),
transforms.CenterCrop(224)])
i
I found an issue when running the python test_deepfool code. Could be my machine, but I this is what I ran into with a fresh pytorch 0.1.12
The test file doesn't work right away for me, I had to change a couple indexing lines that were giving me trouble.
#Line 81 in deepfool.py should be
fs = net.forward(x)
#line 53 in test_deepfool.py then is this
plt.imshow(np.clip(tf(pert_image.cpu()[0]), 0, 255))
For me this fixed a 5D variable that was being passed into resnet as input, instead of a 4D like it wants.
In line 51, that is:
clip = lambda x: clip_tensor(x, 0, 255)
should be:
clip = lambda x: clip_tensor(x, 0, 1)
In tf, transforms.Lambda()
is in front, and there is no multiplication by 255 which will be operated by transforms.ToPILImage()
.
But this should not affect the final result.
I currently use DeepFool as an estimate for the distance to the decision boundary of a classifier, as suggested in the paper: https://arxiv.org/abs/2002.01810v1
I used the implementation from torchattacks because I found the implementation from the LTS4/DeepFool repo hard to understand and work without throwing errors. In the implementation from torchattacks I found an implementation error, that returned the original images as perturbation when the classifier already misclassified the image. Harry24k/adversarial-attacks-pytorch#51
This might also be the case in this repo, but I havent checked, just wanted to let you know.
Hello,I have a question that when I save the adv_img using "plt.savefig('C:/Users/acer/Desktop/try/deepfool_adv_img.jpg')",then I put the path of the adv_img I have saved into input_path,but Original label doesn't changed,doesn't it should be the Adversarial label?And what makes this happens?
Thanks!
When running code on binary classification, does it mean that we only need to modify the num_classes = 2 instead of 10 as default?
When I tried it, I found a lot of perturbed samples as NaN value. Have you ever found this before?
Use test_deepfool.py to test on two test pictures. When the generated disturbed picture enters the network again for forward calculation, the category has not changed.
The images directly generated by deepfool have relatively large changes. After performing some normalization on the disturbed images generated by deepfool in the code, it is obviously closer to the original image, but the category of the generated image has not changed.
for example:
For the picture test_im1.jpg: the original category is macaw, and the deepfool shows that the disturbed picture category is flamingo (the picture directly output by the network has changed dramatically).
But after a series of other operations, it is very similar to the original image, but at the same time, the category is still macaw.
File "C:\Users\acer\Anaconda3\lib\site-packages\torchvision\transforms\functional.py", line 207, in normalize
std = torch.tensor(std, dtype=torch.float32)
TypeError: must be real number, not map
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.