Hyperparticle / one-pixel-attack-keras

Keras implementation of "One pixel attack for fooling deep neural networks" using differential evolution on Cifar10 and ImageNet
https://arxiv.org/abs/1710.08864
MIT License

About image processing #18

Closed tuji-sjp closed 4 years ago

tuji-sjp commented 4 years ago

Hello, I would like to ask why CIFAR-10 was not pre-processed in your code, while the ImageNet images were pre-processed? In addition, do the adversarial examples need to be pre-processed (such as normalization) before being fed into the model for reclassification?

tuji-sjp commented 4 years ago

Also, I'm not quite sure whether we are attacking the original image or the pre-processed image? There seems to be a contradiction in your code. [WeChat screenshot 20191025223639] [WeChat screenshot 20191025223603]

Hyperparticle commented 4 years ago

The CIFAR10 images are preprocessed, just using a different preprocessing function. Each network defines color_process(), which is called on every predict() for CIFAR images. E.g., https://github.com/Hyperparticle/one-pixel-attack-keras/blob/master/networks/resnet.py#L165.

The ImageNet notebook is experimental for now. It uses imagenet_utils to do the preprocessing instead. This is a more general approach for arbitrary images, but the code isn't finished here.

As for your final point, the first bit of code is simply a demonstration. If it was preprocessed, it would be hard to view it as an image. The actual attack, however, should use the preprocessed image, as in the second bit.

Hope that helps.
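The point made in the reply above, as an added example that is not code from the repository: when predict() normalizes internally, callers pass raw 0-255 images (clean or modified), and normalizing beforehand changes the output. ToyModel, set_pixel, the MEAN/STD values and this color_process body are constructed stand-ins.

```python
import numpy as np

# Constructed per-channel statistics (assumption, not the repository's values).
MEAN = np.array([120.0, 120.0, 110.0], dtype=np.float32)
STD = np.array([60.0, 60.0, 65.0], dtype=np.float32)

def color_process(imgs):
    """Stand-in normalizer: raw 0-255 pixels -> zero-centred floats, per channel."""
    return (np.asarray(imgs, dtype=np.float32) - MEAN) / STD

class ToyModel:
    """Hypothetical linear classifier whose predict() preprocesses internally."""
    def __init__(self):
        # Deterministic small weights so the softmax does not saturate.
        self.w = (0.05 * np.sin(np.arange(48 * 10))).reshape(48, 10).astype(np.float32)

    def forward(self, x_norm):
        """Expects already-normalized input of shape (N, 4, 4, 3)."""
        logits = x_norm.reshape(len(x_norm), -1) @ self.w
        e = np.exp(logits - logits.max(axis=1, keepdims=True))
        return e / e.sum(axis=1, keepdims=True)

    def predict(self, raw_imgs):
        """Expects raw 0-255 images; normalizes on every call."""
        raw = np.asarray(raw_imgs)
        if raw.ndim == 3:  # accept a single image as well as a batch
            raw = raw[None]
        return self.forward(color_process(raw))

def set_pixel(img, x, y, rgb):
    """Return a copy of a raw image with one pixel replaced (dtype unchanged)."""
    out = img.copy()
    out[y, x] = rgb
    return out

def run_demo():
    model = ToyModel()
    clean = (np.arange(48) * 5 % 256).astype(np.uint8).reshape(4, 4, 3)  # constructed image
    modified = set_pixel(clean, 0, 0, (255, 255, 0))
    right = model.predict(modified)                 # raw in, normalized once
    wrong = model.predict(color_process(modified))  # normalized twice
    return clean, modified, right, wrong

if __name__ == "__main__":
    clean, modified, right, wrong = run_demo()
    print("pixels changed:", int(np.any(clean != modified, axis=-1).sum()))
    print("max probability shift from double normalization:",
          float(np.abs(right - wrong).max()))
```

The same check applies when evaluating a model's robustness: clean and modified inputs must reach the network through one identical preprocessing path, or the comparison between them is meaningless.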

tuji-sjp commented 4 years ago

> The CIFAR10 images are preprocessed, just using a different preprocessing function. Each network defines color_process(), which is called on every predict() for CIFAR images. E.g., https://github.com/Hyperparticle/one-pixel-attack-keras/blob/master/networks/resnet.py#L165.
>
> The ImageNet notebook is experimental for now. It uses imagenet_utils to do the preprocessing instead. This is a more general approach for arbitrary images, but the code isn't finished here.
>
> As for your final point, the first bit of code is simply a demonstration. If it was preprocessed, it would be hard to view it as an image. The actual attack, however, should use the preprocessed image, as in the second bit.
>
> Hope that helps.

Thank you very much. It helps me a lot!