search

BorealisAI / advertorch

A Toolbox for Adversarial Robustness Research
GNU Lesser General Public License v3.0
1.29k stars 195 forks source link

L2 Momentum Iterative Attack, risk of NA outputs #105

Open qlero opened 2 years ago

qlero commented 2 years ago

Hello, I'm pushing here an issue I've encountered with the MomentumIterativeAttack object when using the ord=2 argument. Sometimes, the computation will result in perturbed outputs (e.g. a batch of 64 MNIST images) that happen to be a torch Tensor of NA values.

This is due to this step, line 434-437, in iterative_projected_gradient.py:

delta.data *= clamp(
    (self.eps * normalize_by_pnorm(delta.data, p=2) /
        delta.data),
    max=1.)

delta.data may sometimes contain 0-valued elements, which will result in NA through the divisor operation (due to the iterative nature of the algorithm, this will propagate to the whole batch of images).

I'm suggesting to add a small value here, e.g. (self.eps * normalize_by_pnorm(delta.data, p=2) / (delta.data + 1e-8), to avoid this (akin to adding 1 to the vector vv in the function batch_l1_proj_flat in utils.py, line 239).

Best regards,

qlero

futakw commented 2 years ago

Hi, I encountered the same error and qlero's solution worked. Therefore, I also suggest the solution be added