Closed lith0613 closed 5 years ago
carlini
commented
5 years ago The default parameters should work. I had someone else tell me earlier that the L0 attack wasn't performing correctly, but couldn't reproduce the issues to look into it.
Do you see this issue when running the code on your model? Or using the test script that's loaded here?
lith0613
commented
5 years ago The l0_attack was valid, but when I calculated L0 norm between the adversarial results and the original inputs, I found the L0 norm value was very big, very close to 3072 in cifar. Maybe these minor changes was caused during the save and reload process of float adv array. Thanks for your reply !
carlini
commented
5 years ago The save and load difference is possible. Could you check what the differences were between the images?
lith0613
commented
5 years ago The difference was caused by the data conversion process, I used my own data loading function and forgot to set the data type, the right action is as follows:
inputs = np.array(inputs,dtype='float32')
I want to reproduce the experiment result in cifar and mnist, can you share me your hyper parameters for all the l0, l2 and li attack? Or you just use the default parameters in both mnist and cifar datasets ? I have tried the default hyper parameters for cifar in l0 attack, but the noise of the adversarial examples were not sparse, that is to say, the L0 value of the noise were similar to the L0 value in the l2 attack. Can you give some help ? Thanks!