Open Framartin opened 1 year ago
Thank you for your kind explanation. There are a few things that should be considered when merging more than two attacks:
However, I agree with your suggestion that combining techniques is mandatory to achieve SOTA.
Then, how about making a new class like UPGD for transferability?
For this, the forward method in each class should be broken down into several class methods.
Some attacks implemented in torchattacks have better results when used in combination with other attacks, as reported in their papers.
For example, the paper proposing DI2-FGSM achieves its best results when it is combined with MI-FGSM ("M-DI2-FGSM"). The same is true for Translation Invariance and SGM which are combined with DI2-FGSM and MI-FGSM.
One easy solution might be to add momentum to torchattacks.attacks.difgsm.DIFGSM and torchattacks.attacks.tifgsm.TIFGSM, and to add DI to torchattacks.attacks.tifgsm.TIFGSM. But multiple isolated copies of the implementation of each technique might be cumbersome and difficult to maintain at some point. Would it make sense to have a single super class which implements all of them at once? Or to have a generic BIM attack whose methods could be extended?
To illustrate the issue, I have compiled in the following table the combinations evaluated by five papers about adversarial examples transferability.
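A sketch of the "generic BIM attack whose methods could be extended" design raised in this thread, added here as an example and not code from torchattacks or from either participant. All class, method and function names are hypothetical; it works on plain lists with a caller-supplied gradient function, the TI kernel is a 1-D stand-in for the 2-D kernel used on images, and DI is left out because it needs autodiff through the input transform.

```python
# Added sketch, hypothetical names (not torchattacks API): one iterative
# sign-gradient loop; each technique is a mixin overriding a hook.
class IterativeFGSM:
    def __init__(self, grad_fn, eps=0.1, alpha=0.02, steps=10):
        self.grad_fn, self.eps, self.alpha, self.steps = grad_fn, eps, alpha, steps
    def reset(self):                 # hook: clear per-run state
        pass
    def process_grad(self, g):       # hook: post-process the raw gradient
        return g
    def forward(self, x0):
        self.reset()
        x = list(x0)
        for _ in range(self.steps):
            g = self.process_grad(self.grad_fn(x))
            x = [xi + self.alpha * ((gi > 0) - (gi < 0)) for xi, gi in zip(x, g)]
            # project into the eps-ball around x0, intersected with [0, 1]
            x = [min(max(xi, oi - self.eps, 0.0), oi + self.eps, 1.0)
                 for xi, oi in zip(x, x0)]
        return x

class Momentum:                      # MI: accumulate L1-normalised gradients
    decay = 1.0
    def reset(self):
        self._m = None
        super().reset()
    def process_grad(self, g):
        g = super().process_grad(g)  # techniques later in the MRO run first
        norm = sum(abs(v) for v in g) or 1.0
        prev = self._m or [0.0] * len(g)
        self._m = [self.decay * p + v / norm for p, v in zip(prev, g)]
        return self._m

class TranslationInvariant:          # TI: smooth the gradient (1-D stand-in kernel)
    kernel = (0.25, 0.5, 0.25)
    def process_grad(self, g):
        g = super().process_grad(g)
        pad = [g[0]] + list(g) + [g[-1]]
        return [sum(k * pad[i + j] for j, k in enumerate(self.kernel))
                for i in range(len(g))]

class MIFGSM(Momentum, IterativeFGSM): pass
class TIFGSM(TranslationInvariant, IterativeFGSM): pass
class MTIFGSM(Momentum, TranslationInvariant, IterativeFGSM): pass

def flipping_grad(flip_after):       # constructed toy gradient that changes sign
    calls = iter(range(10**6))
    return lambda x: [1.0] if next(calls) < flip_after else [-0.5]
```

Each combination is a one-line class, and the base-class order fixes the order of operations: in `MTIFGSM` the gradient is smoothed first and then accumulated into the momentum term.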