search

advboxes / AdvBox

Advbox is a toolbox to generate adversarial examples that fool neural networks in PaddlePaddle、PyTorch、Caffe2、MxNet、Keras、TensorFlow and Advbox can benchmark the robustness of machine learning models. Advbox give a command line tool to generate adversarial examples with Zero-Coding.
Apache License 2.0
1.39k stars 265 forks source link

Single Pixel Attack Assertion Error #68

Closed ajsanjoaquin closed 3 years ago

ajsanjoaquin commented 3 years ago

I get an Assertion Error when trying to run the Single Pixel Attack. Apparently, axes length must be equal to 2 (H, W), but my axes length is equal to 3 (B, H, W). I tried squeezing my img_tensor (3, 244, 244) but the predict method breaks. I tried removing the Assertion statement but creates an Index error.

Can anyone tell me how to properly use the Single Pixel Attack? I followed the same method as shown in the FGSM notebook example written in Pytorch.

Code to reproduce:

from adversarialbox.attacks.localsearch import SinglePixelAttack

# initialize model and img_tensor here

attack = SinglePixelAttack(model)  # Channel axis = 1
adversary = Adversary(img_tensor.to('cpu'), label)  # Tensor shape: (1, 3, 244, 244) B, C, H, W

adversary = attack(adversary)
jayxio commented 3 years ago

Could you try using MNIST dataset to run the Single Pixel Attack tutorial in tutorials? Single Pixel Attack is a demo intended for the MNIST dataset. The diversity of different datasets preprocessing limits the versatility.

ajsanjoaquin commented 3 years ago

Yes, it works for MNIST. Thanks. Although it would be good if there was a note in the attacks README that states which attacks are currently demos.