| @@ -0,0 +1,9 @@ | |||
| # Advbox | |||
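Review bot: the new README in this hunk shows only the `# Advbox` title; since this thread questions where the code should live (`/adversarial/` versus an examples directory) and the PR description explains the purpose (generating adversarial samples, in the spirit of cleverhans), the README should carry that one-paragraph description and the directory layout so a reader does not have to dig through the review to learn what the package is for.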
/adversarial/ may not be a good path. However, we can just merge this PR, and change it later.
OK. You can specify an appropriate directory. Thank you.
adversarial/advbox/attacks/base.py
Outdated
| The base model of the model. | ||
| """ | ||
| from abc import ABCMeta | ||
| #from advbox.base import Model |
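Review bot: the commented-out `#from advbox.base import Model` in attacks/base.py is dead code; delete it, or make it a live import if the attack base class really depends on `Model`. The module docstring `The base model of the model.` is the same text used in models/base.py and does not describe an attack base class; a summary such as `Base class for adversarial attacks.` would be accurate.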
Either uncomment or remove this line.
adversarial/advbox/attacks/base.py
Outdated
| """ | ||
| The base model of the model. | ||
| """ | ||
| from abc import ABCMeta |
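Review bot: `from abc import ABCMeta` on its own enforces nothing; a class that uses the ABCMeta metaclass only refuses instantiation when at least one method is decorated with `@abstractmethod`, so import `abstractmethod` too and mark the methods subclasses must override. Otherwise a forgotten override fails at call time rather than at construction.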
from abc import ABCMeta, abstractmethod
adversarial/advbox/models/base.py
Outdated
|
|
||
| Args: | ||
| image(numpy.ndarray): image with shape (height, width, channel) | ||
| label(int): image label used to cal gradient. |
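Review bot: the `Args:` block documents `image` and `label`, but the empty lines above it suggest it was left over from a different signature; rewrite the docstring to match the parameters the method actually takes. Also expand `used to cal gradient` to `used to calculate the gradient`, and state the dtype and value range of `image` (the shape alone does not say whether pixels are 0-255 or 0-1), because code that adds a perturbation needs that range to clip correctly.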
The comments seem inconsistent with real arguments.
| Args: | ||
| program(paddle.v2.fluid.framework.Program): The program of the model which generate the adversarial sample. | ||
| input_name(string): The name of the input. | ||
| logits_name(string): The name of the logits. |
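Review bot: `logits_name` is described only as `The name of the logits`, which is what prompts the question below; spell out that it names the output Variable in `program` whose gradient with respect to `input_name` the attack uses, and whether it is the pre-softmax output. The later hunk in models/paddle.py looks up `self._cost_name` in block 0 of the program, so the cost/loss variable name should be documented in this `Args:` block as well. Minor: `which generate` should be `which generates`.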
Does logits_name mean the fake label logits used to cheat the NN?
Adversarial attacks have two types, untargeted and targeted.
- The goal of the non-targeted attack is to slightly modify the source image in a way that the image will be classified incorrectly
- The goal of the targeted attack is to slightly modify the source image in a way that the image will be classified as the specified target class
In the untargeted attack which we have implemented, the fake label logits have no effect.
In the targeted attack, the logits_name means the fake label logits used to cheat the NN. We will implement the targeted attack later.
In my understanding, even in the non-targeted attack, the fake label logits are required to generate the loss. Otherwise, we can neither get the backward gradient nor modify input images further. However, what the fake label logits are is not important. They can be all zeros, random vectors or even different each batch.
Do I understand it correctly?
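To make the point of this exchange concrete (some label is needed to define the loss whose input gradient drives the attack, and which label is used is what separates the untargeted and targeted variants), here is an added example in plain Python; it is not code from this PR or from advbox. It uses a toy 3-class linear softmax model with hand-picked weights and a hand-picked input (all constructed values) and a single sign-of-gradient step; the names `input_gradient`, `fgsm_step` and `demo` are my own.

```python
import math

# Constructed toy model: 3 classes, 4 input features, logits = W x + b.
W = [[1.0, 0.0, 0.0, 0.0],
     [0.0, 1.0, 0.0, 0.0],
     [0.0, 0.0, 1.0, 0.0]]
B = [0.0, 0.0, 0.0]


def logits(x, w=W, b=B):
    return [sum(wi * xi for wi, xi in zip(row, x)) + bi for row, bi in zip(w, b)]


def softmax(z):
    m = max(z)
    e = [math.exp(v - m) for v in z]
    s = sum(e)
    return [v / s for v in e]


def cross_entropy(x, label, w=W, b=B):
    """Loss of the model on input x for the given label; the label is what defines the loss."""
    return -math.log(softmax(logits(x, w, b))[label])


def input_gradient(x, label, w=W, b=B):
    """d cross_entropy / d x for a linear softmax model: W^T (p - onehot(label))."""
    p = softmax(logits(x, w, b))
    p[label] -= 1.0
    return [sum(p[k] * w[k][i] for k in range(len(w))) for i in range(len(x))]


def sign(v):
    # Returns -1, 0 or 1; a zero gradient component leaves that feature untouched.
    return (v > 0) - (v < 0)


def fgsm_step(x, label, eps, targeted, w=W, b=B):
    """One sign-gradient step of size eps.
    untargeted: ascend the loss of the true label (push the image away from it)
    targeted:   descend the loss of the chosen target label (pull the image towards it)
    """
    g = input_gradient(x, label, w, b)
    direction = -1.0 if targeted else 1.0
    return [xi + direction * eps * sign(gi) for xi, gi in zip(x, g)]


def predict(x, w=W, b=B):
    z = logits(x, w, b)
    return z.index(max(z))


# Constructed input, classified as class 0 by the toy model.
X0 = [2.0, 0.5, 0.0, 1.0]
TRUE_LABEL = 0
TARGET_LABEL = 2
EPS = 0.3


def demo():
    """Losses before/after each variant, plus the step directions, so the effect is measurable."""
    x_un = fgsm_step(X0, TRUE_LABEL, EPS, targeted=False)
    x_tg = fgsm_step(X0, TARGET_LABEL, EPS, targeted=True)
    return {
        "untargeted_true_loss": (cross_entropy(X0, TRUE_LABEL), cross_entropy(x_un, TRUE_LABEL)),
        "targeted_target_loss": (cross_entropy(X0, TARGET_LABEL), cross_entropy(x_tg, TARGET_LABEL)),
        "untargeted_direction": [sign(g) for g in input_gradient(X0, TRUE_LABEL)],
        "targeted_direction": [-sign(g) for g in input_gradient(X0, TARGET_LABEL)],
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The two step directions differ only because different labels were plugged into the same loss: the untargeted step moves away from class 0 (true-label loss rises), the targeted step moves towards class 2 (target-label loss falls). The same input-gradient quantity is what a robustness evaluation measures, which is why the model wrapper in this PR needs a well-documented loss/label input regardless of attack type.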
| epsilons = np.linspace(0, 1, num=epsilons + 1) | ||
|
|
||
| for epsilon in epsilons: | ||
| adv_img = image_batch[0][0].reshape( |
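Review bot: `epsilons = np.linspace(0, 1, num=epsilons + 1)` reuses the parameter name `epsilons` for both the integer count and the resulting array, which makes the loop below hard to read; call the count `steps` (or similar) and keep `epsilons` for the array. With `np.linspace(0, 1, ...)` the first value is 0, so the first iteration produces an unperturbed image and can never succeed; start the range above 0 or skip that value. `image_batch[0][0]` silently uses only the first sample, so either assert that the batch holds one element or loop over the batch.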
Here we only get the first instance of the image_batch, so the batch size can only be 1?
Yes. I have changed the name and modified the comment to avoid ambiguity.
adversarial/advbox/models/paddle.py
Outdated
| loss = self._program.block(0).var(self._cost_name) | ||
| param_grads = fluid.backward.append_backward( | ||
| loss, parameter_list=[self._input_name]) | ||
| self._gradient = param_grads[0][1] |
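Review bot: `param_grads[0][1]` assumes the input's gradient is the first (name, grad) pair returned by `append_backward`; look it up by name (`dict(param_grads)[self._input_name]`) so the code does not depend on ordering. `loss` is resolved from `self._cost_name` via `block(0)`, so a loss defined in a sub-block will not be found; raising a clear error naming the missing variable would save debugging time.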
It seems that self._gradient should be the gradient of input. However, it is not always in the first element. So the following may be more correct:
self._gradient = dict(param_grads)[self._input_name]
adversarial/fluid_mnist.py
Outdated
| Returns: | ||
| Variable: the label prediction | ||
| """ | ||
| #conv1 = fluid.nets.conv2d() |
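Review bot: `#conv1 = fluid.nets.conv2d()` is a leftover placeholder and should be removed rather than left as commented-out code under the docstring. The docstring's `Returns: Variable: the label prediction` should also say whether this is the logits or the softmax output, because the attack code in this PR takes a `logits_name` and needs to know which one it is handed.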
Please remove the comment.
adversarial/fluid_mnist.py
Outdated
| # if avg cost less than 10.0 and accuracy is larger than 0.9, we think our code is good. | ||
| break | ||
|
|
||
| # exit(0) |
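Review bot: the comment `if avg cost less than 10.0 and accuracy is larger than 0.9, we think our code is good.` describes an early-stop condition, but the values it quotes are not visible in the condition itself; keep the thresholds in one place (named constants used by both the `if` and the comment) so they cannot drift apart. `# exit(0)` after `break` is dead code and should go.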
Please remove the comment.
adversarial/fluid_mnist.py
Outdated
| fluid.io.save_params( | ||
| exe, dirname='./mnist', main_program=fluid.default_main_program()) | ||
| print('train mnist done') | ||
| exit(1) |
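Review bot: `exit(1)` after `print('train mnist done')` reports failure to the calling shell even though training succeeded, which breaks anything that checks the return code (a CI script, for example); let the script fall off the end instead. `dirname='./mnist'` is relative to the current working directory, so the attack script that later loads the parameters has to be run from the same directory; making the path a command-line argument or a constant shared by both scripts avoids that coupling.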
exit(0)? 1 means there is something wrong.
Actually, I think exit is not necessary here.
JiayiFeng
left a comment
LGTM. Welcome to be a PaddlePaddle contributor!
I noticed that this PR merges code into the root directory. Let's create an examples directory and move the code there. I created an issue to note this: #7542
We come from Baidu Security Lab. We want to contribute the advbox tools, which can generate adversarial samples to fool neural networks, like TensorFlow's cleverhans library.