search

bethgelab / foolbox

A Python toolbox to create adversarial examples that fool neural networks in PyTorch, TensorFlow, and JAX
https://foolbox.jonasrauber.de
MIT License
2.77k stars 426 forks source link

ValueError: Cannot feed value of shape (1, 100, 20) for Tensor 'dense_1_input:0', which has shape '(?, 20)' #285

Closed wusf18 closed 5 years ago

wusf18 commented 5 years ago

Hello , I intend to test FGSM attack in random number and I got the above error. My model is like this:

import keras import tensorflow as tf import numpy as np

import foolbox

from keras.models import Sequential from keras.layers import Dense, Activation, Dropout from keras.optimizers import SGD

generate data

x_train = np.random.random((1000,20)) #1000行 20列的浮点数 y_train = keras.utils.to_categorical(np.random.randint(10,size=(1000,1)),num_classes=10) x_test = np.random.random((100,20)) #1000行 20列的浮点数 y_test = keras.utils.to_categorical(np.random.randint(10,size=(100,1)),num_classes=10)

model = Sequential() model.add(Dense(units=64,activation='relu',input_dim=20)) model.add(Dropout(0.5)) model.add(Dense(64, activation='relu')) model.add(Dense(10, activation='softmax'))

sgd = SGD(lr=0.01, decay=1e-6, momentum=0.9,nesterov=True) model.compile(loss='categorical_crossentropy',optimizer=sgd, metrics=['accuracy']) model.fit(x_train,y_train,epochs=20,batch_size=128)

model.summary() score = model.evaluate(x_test,y_test, batch_size=128)

fmodel = foolbox.models.KerasModel(model, bounds=(0,1))

attack = foolbox.attacks.FGSM(fmodel) adversarial = attack(x_test,y_test) print(adversarial.shape())

Please suggest a solution to resolve this?

wusf18 commented 5 years ago

Hello, now the "AttributeError: 'Sequential' object has no attribute 'bounds'" have disappeared, but adversarial = attack(x_test,y_test) have error again. ValueError: Cannot feed value of shape (1, 100, 20) for Tensor 'dense_1_input:0', which has shape '(?, 20)'

Please suggest a solution to resolve this?

jonasrauber commented 5 years ago

You shouldn't pass batches to the attack.

wusf18 commented 5 years ago

You shouldn't pass batches to the attack.

But when I only test this use one sample , it got errors again.

adversarial = attack(x_test[0],y_test[0])

Error is like this: [[Node: dense_1/MatMul = MatMul[T=DT_FLOAT, transpose_a=false, transpose_b=false, _device="/job:localhost/replica:0/task:0/device:GPU:0"](_arg_dense_1_input_0_0/_115, dense_1/kernel/read)]] [[Node: dense_3/BiasAdd/_117 = _Recv[client_terminated=false, recv_device="/job:localhost/replica:0/task:0/device:CPU:0", send_device="/job:localhost/replica:0/task:0/device:GPU:0", send_device_incarnation=1, tensor_name="edge_55_dense_3/BiasAdd", tensor_type=DT_FLOAT, _device="/job:localhost/replica:0/task:0/device:CPU:0"]()]]

jonasrauber commented 5 years ago

Okay, I've tried your code now. You need to fix two things:

1) you have to pass the label as a a number, not as a one-hot encoded vector: adversarial = attack(x_test[0], np.argmax(y_test[0])) 2) adversarial.shape() should be adversarial.shape

Then it works...