xuanqing94 / robgan Goto Github PK

can you tell me the training epoch number before finetuning for imagenet 143 category and cifar datasets

Hi, the PGD attack in your paper is different from original paper.
According to your code, the grad doesn't be dealing with sign function.

You can refer to https://github.com/Harry24k/adversarial-attacks-pytorch/blob/4c6613d19b2081a15b319aed798cdd7f811a8326/torchattacks/attacks/pgd.py#L73

import torch
import torch.nn.functional as F
from torch.autograd import grad, Variable
from .linf_sgd import Linf_SGD

def attack_Linf_PGD(input_v, ones, label_v, dis, Ld, steps, epsilon):
    dis.eval()
    adverse_v = input_v.data.clone()
    adverse_v = Variable(adverse_v, requires_grad=True)
    optimizer = Linf_SGD([adverse_v], lr=0.0078)
    for _ in range(steps):
        optimizer.zero_grad()
        dis.zero_grad()
        d_bin, d_multi = dis(adverse_v)
        loss = -Ld(d_bin, ones, d_multi, label_v, lam=0.5)
        loss.backward()
        #print(loss.data[0])
        optimizer.step()
        diff = adverse_v.data - input_v.data
        diff.clamp_(-epsilon, epsilon)
        adverse_v.data.copy_((diff + input_v.data).clamp_(-1, 1))
    dis.train()
    dis.zero_grad()
    return adverse_v

def attack_Linf_PGD_bin(input_v, ones, dis, Ld, steps, epsilon):
    dis.eval()
    adverse_v = input_v.data.clone()
    adverse_v = Variable(adverse_v, requires_grad=True)
    optimizer = Linf_SGD([adverse_v], lr=0.0078)
    for _ in range(steps):
        optimizer.zero_grad()
        dis.zero_grad()
        d_bin = dis(adverse_v)
        loss = -Ld(d_bin, ones)
        loss.backward()
        #print(loss.data[0])
        optimizer.step()
        diff = adverse_v.data - input_v.data
        diff.clamp_(-epsilon, epsilon)
        adverse_v.data.copy_((diff + input_v.data).clamp_(-1, 1))
    dis.train()
    dis.zero_grad()
    return adverse_v

# performs FGSM attack, and it is differentiable
# @input_v: make sure requires_grad = True
def attack_FGSM(input_v, ones, label_v, dis, Lg):
    dis.eval()
    d_bin, d_multi = dis(input_v)
    loss = -Lg(d_bin, ones, d_multi, label_v, lam=0.5)
    g = grad(loss, [input_v], create_graph=True)[0]
    return input_v - 0.005 * torch.sign(g)


# performs Linf-constraint PGD attack w/o noise
# @epsilon: radius of Linf-norm ball
def attack_label_Linf_PGD(input_v, label_v, dis, steps, epsilon):
    dis.eval()
    adverse_v = input_v.data.clone()
    adverse_v = Variable(adverse_v, requires_grad=True)
    optimizer = Linf_SGD([adverse_v], lr=epsilon / 5)
    for _ in range(steps):
        optimizer.zero_grad()
        dis.zero_grad()
        _, d_multi = dis(adverse_v)
        loss = -F.cross_entropy(d_multi, label_v)
        loss.backward()
        #print(loss.data[0])
        optimizer.step()
        diff = adverse_v.data - input_v.data
        diff.clamp_(-epsilon, epsilon)
        adverse_v.data.copy_((diff + input_v.data).clamp_(-1, 1))
    dis.zero_grad()
    return adverse_v

First of all, thank you very much for your excellent work. I am a graduate student studying in mainland China. For some reasons, I can't download the Imagenet datasets. Then I want to test the code you provide with my own datasets. So can you give me some details about the data you use, such as the Imagenet-143 datasets you use, how many images are included in the data set, and how many images are used for training and testing?
Thank you very much for your help.

我想从这几个测试模型里加一个vgg19的模型看看他的准确率，我想请问一下具体该怎么做

Congrats on great paper. I wanted to run your model on some smaller dataset like CIFAR10 or MNIST but when I run it on CIFAR with the defaults you provided for Imagenet (I also tried it with resnet32) I end up with a model that has acc_r=1, acc_f=0 (with singular cases on first decoder step when it varies by something like ~0.2) throughout the whole 200 epochs and both classification accuracies getting to about 0.6 acc. Could you please recommend some parameters that might work better?

When evaluating, the test data should be used.

So the correct should be as following:

data = CIFAR10(root=opt.root, train=False, download=False, transform=trans)

Thanks.

What is the perturbation used for training? Are all the columns in the results, which displays testing at different perturbation, are for a single model? i.e, for all columns the model has same adversarial perturbation (what is it?)?

Results for CIFAR-10 as in Table1 of paper (at: https://web.cs.ucla.edu/~chohsieh/papers/RobustGAN_CVPR_new.pdf) is:

A bit more detail, about my Q:

• Paper mentions: δ max ∈ np.arange(0, 0.1, 0.01). What does this mean? Does it mean maximum perturbation is 0.1 and step size is 0.01?
• Code seems to limit perturbation to ε. [line 24:]

  diff.clamp_(-epsilon, epsilon)

  The github page says to set ε to 0.03125, but this would effectively make it half as for this code input is in range [-1, 1] not [0, 1].

Thank you very much for your excellent work. When I ran the code you provided, I encountered some problems, several of which were not solved. I'd like to consult you.
1: What are the specific meanings of "positive" and "negative" in train.py?
2: In the paper, D_Loss = Ls + Lc1, G_Loss = Lc2 - Ls; but in the program, what I see is
Los_g = λL1 + (1-λ) L2, loss_d =λL1 + (1-λ) L2. Is the definition of loss function in the paper consistent with that in the program?
3: When I validate your program with other data sets, at the step of saving real images, the last four pictures are always black,such as
. I can't find the reason. I hope you can give me some suggestions.
Thank you again for your help!