mkrupczak3
commented
10 months ago Removing the negative training images seems to have had little impact. Same result as before.
At our meeting today, discussed how this might be because the patch training dataset is much too large. Theory is that with so many different images, the model is having a hard time learning what works and what doesn't with any single change to the patch.
Going to try a training run on a much smaller subset of data (about 8 images) and if it does any better
dkyman
starktao
Currently, patch training is failing to generate an adversarial pattern. It's just optimizing for non-printability score (nps) by generating an image of a single color:
@SlicedBacon and I believe this is because the Airbus dataset has negative training images (without objects present) which interfere with the patch training's stochastic gradient descent.
The original paper (and thus, the code repo this one is based on) used the INRIA dataset for person detection. @SlicedBacon noted this dataset does not have any negative training images where a person is not present.
In the current patch training code, any images without objects present will generate a
det_lossof 0.0, giving the optimizer a false signal that the patch completely defeated the object detector. This seems to be interfering with the patch training process, causing the discontinuities observed in thedet_lossgraph from tensorboard shown above.For a quick fix, we may remove the negative training images from the dataset when using it for patch training. We should fix it properly so it ignores negative training images in the future though so other researchers can use our code