Unispac
commented
1 year ago Hi, you can refer to the loss curve figure in our paper. Basically, we find that the attack needs more steps to converge. For example, even in 5000 steps, the unconstrained attack still has a trend toward lower loss values. So, if you only run 100 steps, I expect the effectiveness of the attack would be worse.
charismaticchiu
May I ask why we used 5000 PGD steps? Are there difference in outputs for 100, 1000 steps?