Closed zacps closed 3 years ago
Hi @zacps Thank you for raising this interesting issue.
So far the attacks don't modify the output to allow a user to run the attack with probabilities or logits, independent of the attack's preference. But I see your point, and I would propose that we add a new argument to SklearnClassifier
called use_logits
(following other ART estimators) that would define if SklearnClassifier.predict
uses predict_log_proba
or predict_proba
. What do you think?
Would you be interested to implement a solution for one of ART's next releases?
Would it be better to add predict_log_proba
method to the SklearnClassifier
? DeepFool
could check for it and use it if it exists (like in scikitlearn.py#L164).
Yes, I should have time to implement something.
That's great! Let me know anytime if you have questions.
I think your approach would work, but it would not allow a user to run the attack with probabilities for example for comparison purposes.
I think we should still go for a new argument use_logits
as it would be more consistent with the overall pattern in ART to keep the model related settings on the estimator side and let the attack work with the output provided by the estimator. But, I think new checks like in scikitlearn.py#L164 would still be required in SklearnClassifier
to check if the provided sklearn model provides predict_log_proba
if use_logits=True
.
Describe the bug Running
DeepFool
on aSklearnClassifier
results in probabilities instead of logits being provided toDeepFool
.To Reproduce Pseudocode only
Results in the warning:
Expected behavior The
SklearnClassifier
should usepredict_log_proba
instead ofpredict_proba
when providing probability estimates to the deepfool attack.System information: