bethgelab / foolbox

A Python toolbox to create adversarial examples that fool neural networks in PyTorch, TensorFlow, and JAX
https://foolbox.jonasrauber.de
MIT License

DeepFool Bug Report, maybe not buggy, But Really Important I think #325

Closed Marvinmw closed 5 years ago

Marvinmw commented 5 years ago

I use DeepFool to generate the adversarial images using a simple MLP model and MNIST dataset. I randomly pick 100 images from MNIST.

import numpy as np
import keras
import foolbox
from tqdm import tqdm

keras.backend.set_learning_phase(0)
adv_x = []
attack = foolbox.attacks.DeepFoolAttack(kerasmodel)
succ_case = []
for i in tqdm(range(len(input_x))):
    img = attack(input_x[i], input_y[i])
    if img is not None:
        succ_case.append(i)
        adv_x.append(img)

advarray = np.asarray(adv_x)
sy = []
# Predict one by one
for j in range(len(adv_x)):
    x = advarray[j]
    y1 = model.predict_classes(x[np.newaxis, ...])[0]
    sy.append(y1)

# Predict as a batch
by = model.predict_classes(advarray)  # if we set batch_size=1, then yy and sy will be the same.
print(np.sum(yy != sy))  # will not be zero. yy and sy should be the same but are not.

persistz commented 5 years ago

In your code fragment, there is no yy.

Marvinmw commented 5 years ago

> In your code fragment, there is no yy.

I solved the problem. yy should be by.
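
The single-versus-batch comparison from the first post, written as an added example that is not part of the original thread or of foolbox. `make_mlp` and `compare_single_vs_batch` are hypothetical names, and a small NumPy network with constructed random inputs stands in for the Keras model and the DeepFool outputs.

```python
import numpy as np

def make_mlp(seed=0, n_in=784, n_hidden=32, n_out=10):
    """Constructed stand-in for the Keras MLP: fixed random weights, returns logits."""
    rng = np.random.default_rng(seed)
    w1 = rng.normal(0.0, 0.1, (n_in, n_hidden))
    w2 = rng.normal(0.0, 0.1, (n_hidden, n_out))

    def logits(x):
        # x has shape (batch, n_in); ReLU hidden layer, linear output
        return np.maximum(x @ w1, 0.0) @ w2

    return logits

def compare_single_vs_batch(logits_fn, images):
    """Classify each image alone and all images in one batch, then compare.

    Returns (single_labels, batch_labels, mismatch_indices, margins), where
    margins[i] is the gap between the two largest batch logits of image i.
    """
    images = np.asarray(images)
    single = np.array([logits_fn(x[np.newaxis, ...]).argmax(axis=1)[0] for x in images])
    batch_logits = logits_fn(images)
    batch = batch_logits.argmax(axis=1)
    # Both label arrays must describe the same images before they are compared.
    if single.shape != batch.shape:
        raise ValueError(f"label shapes differ: {single.shape} vs {batch.shape}")
    top2 = np.sort(batch_logits, axis=1)[:, -2:]
    margins = top2[:, 1] - top2[:, 0]
    return single, batch, np.flatnonzero(single != batch), margins

if __name__ == "__main__":
    rng = np.random.default_rng(1)
    images = rng.random((100, 784))  # constructed inputs, not real adversarial images
    single, batch, mismatches, margins = compare_single_vs_batch(make_mlp(), images)
    print("mismatches:", len(mismatches))
    for i in mismatches:
        # A tiny margin points at numerical noise near the decision boundary;
        # a large one points at a mistake in the comparison itself.
        print(i, single[i], batch[i], margins[i])
```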