advboxes / AdvBox

Advbox is a toolbox to generate adversarial examples that fool neural networks in PaddlePaddle, PyTorch, Caffe2, MxNet, Keras, TensorFlow, and Advbox can benchmark the robustness of machine learning models. Advbox gives a command line tool to generate adversarial examples with Zero-Coding.
Apache License 2.0
1.39k stars 265 forks

How to train my own adversarial sticker targeting a certain class with my own dataset? #66

Closed satoshiSchubert closed 3 years ago

satoshiSchubert commented 3 years ago

Thanks for your wonderful work. I'd like to know how to train my own adv examples targeting a certain object, such as cars, etc. If it is possible, what should I do? Do I need to put my dataset in a certain folder or modify the code? Looking forward to your reply :D

jayxio commented 3 years ago

Hi @bossConneR, to train your own adv example targeting a specified label such as a car, banana, etc., you need to do the following:

  1. Prepare at least 1k images containing your targeted objects and place them in the data_sampling folder.
  2. Write your own attack method. You can check attack_methods/base_logic.py and implement a predefined abstract method. This method matters especially:
     ```python
     @abstractmethod
     def build_model_attack_graph(self, **kwargs):
         """
         Prepare an end-to-end differentiable model.
         Args:
             **kwargs: Other named arguments.
         """
         raise NotImplementedError
     ```

    You need to analyze the object detector to fetch the targeted output you want for adversarial sticker generation. This method also defines the optimization process, which is to calculate the adversarial perturbation s.t. fetched output ~ target distribution. You can check eotb_attack.py for more details.

  3. Make it run. Try to assemble the components and tune hyperparameters such as attack learning rate, steps, etc.

satoshiSchubert commented 3 years ago

Thank you for such a detailed reply! I will try it :D