Open eliegoudout opened 4 months ago
Quick notes for me when I'll fix it:
ProjectedGradientDescent.__init__
doesn't have decay
attribute (but I guess it's fine, it's in self._attack
)_compute_tf
(has no decay
argument) calls _compute_perturbation
with decay=self.decay
,_compute_perturbation_pytorch
(name inconsistency!) doesn't have decay
as argument (signature inconsistency!)FastGradient
. Method _compute
takes decay
as argument (signature inconsistency!) and calls _compute_perturbation
with decay=decay
.
Stumbled upon 2 issues regarding the implementation of the momentum for Fast Gradient Method adversarial attack:
momentum
variable as a side effect, which doesn't always seem to work as expected (see https://github.com/Trusted-AI/adversarial-robustness-toolbox/pull/2382#discussion_r1581755056). As such, I believe that the current momentum iterative attack is actually only BIM!The first issue should be fixed by #2382, while the second should be independently investigated and fixed, as it may require some refactoring. Furthermore, it could be well-advised to add a test for a different decay value.
Edit: It looks like the tensorflow framework doesn't work with the in-place modification.