search

bethgelab / foolbox

A Python toolbox to create adversarial examples that fool neural networks in PyTorch, TensorFlow, and JAX
https://foolbox.jonasrauber.de
MIT License
2.71k stars 422 forks source link

Improve documentation #654

Open zimmerrol opened 2 years ago

zimmerrol commented 2 years ago

Since the current documentation lacks some important details for users and might make using foolbox harder than it has to be, we should improve this. Let us collect suggestions for what to improve by either posting the ideas or linking the respective issues.

zimmerrol commented 2 years ago
  1. Are models expected to return logits or probabilities? (e.g. #618)
  2. Which attacks currently exist and what modes/criteria do they support? (i.e. #653)
jangop commented 2 years ago
  1. List and explain implemented criteria, and show how they are used.

labels are automagically interpreted as Misclassification, which hides the necessity and importance of criteria (see https://github.com/bethgelab/foolbox/issues/543#issuecomment-631861469)

This would also solve #609.

jangop commented 2 years ago
  1. List related projects, such as cleverhans and torchattacks.
jangop commented 2 years ago
  1. What values are returned by attacks and what do they mean?

This is mostly about the relationship between raw adversarials and clipped adversarials. Also, what does is_adversarial relate to?

zimmerrol commented 2 years ago
  1. How can one use the implemented attacks with sigmoid networks, i.e. there is only a single output (see #664)?
jfsullivan1 commented 1 year ago

The documentation should include what you guys have changed since foolbox 1.8.0, for example, a lot of the attack classes take different initialization and call parameters and are initialized differently in 3.x.x compared to 1.8.0. This causes issues when a user tries to run old code using foolbox 1.8.0 implementation but with the most up-to-date version of foolbox. So, a good thing to include for attacks that have changed might be minimal examples of how to upgrade legacy foolbox usage to the most current usage.

SerezD commented 5 months ago

Hi, I noticed there is a wrong link in the actual documentation at: https://foolbox.readthedocs.io/en/stable/modules/attacks.html

The reference for InversionAttack is:

Hossein Hosseini, Baicen Xiao, Mayoore Jaiswal, Radha Poovendran, “On the Limitation of Convolutional Neural Networks in Recognizing Negative Images”, https://arxiv.org/abs/1607.02533

where the link points to the paper: "Adversarial examples in the physical world". The correct link should be: https://arxiv.org/abs/1703.06857