search

Trusted-AI / adversarial-robustness-toolbox

Adversarial Robustness Toolbox (ART) - Python Library for Machine Learning Security - Evasion, Poisoning, Extraction, Inference - Red and Blue Teams
https://adversarial-robustness-toolbox.readthedocs.io/en/latest/
MIT License
4.82k stars 1.16k forks source link

Evasion Attack Capability for Multi-Label Classification #2066

Closed MadhuSaran26 closed 1 year ago

MadhuSaran26 commented 1 year ago

Discussed in https://github.com/Trusted-AI/adversarial-robustness-toolbox/discussions/2065

Originally posted by **MadhuSaran26** March 10, 2023 I'm trying to perform a white-box evasion attack (FastGradientMethod) on my pre-trained multi-label classification model. This model has been wrapped in the PyTorchClassifier class and passed as an argument to the FastGradientMethod class. However, I encountered the following error. ``` --------------------------------------------------------------------------- ValueError Traceback (most recent call last) in ----> 1 images_adv = attack.generate(images.numpy()) 6 frames /usr/local/lib/python3.9/dist-packages/torch/nn/functional.py in binary_cross_entropy_with_logits(input, target, weight, size_average, reduce, reduction, pos_weight) 3158 3159 if not (target.size() == input.size()): -> 3160 raise ValueError("Target size ({}) must be the same as input size ({})".format(target.size(), input.size())) 3161 3162 return torch.binary_cross_entropy_with_logits(input, target, weight, pos_weight, reduction_enum) ValueError: Target size (torch.Size([16])) must be the same as input size (torch.Size([16, 9])) ``` In this, 16 is the batch size and 9 is the number of output classes in the model. The following code produced this error. ``` classifier = PyTorchClassifier( model=vgg, clip_values=(0, 255), loss=nn.BCEWithLogitsLoss(), optimizer=optimizer, input_shape=(3, 256, 256), nb_classes=9, device_type='cpu' ) attack = evasion.FastGradientMethod(estimator=classifier, eps=0.2) images_adv = attack.generate(images.numpy()) ``` I'd like to know whether this toolbox can be used for a multi-label classification problem. If yes, then please kindly direct me to an example execution, or at least let me know what are the changes that I should make to my code. Otherwise, please provide the solution to this problem. In addition, I wanted to point out that it's not feasible to create combined labels as there are multiple combinations, which could be possible in a scenario.
beat-buesser commented 1 year ago

Closing because duplicate of #2064 which was converted into a Discussion.