cg563 / simple-blackbox-attack

Code for ICML 2019 paper "Simple Black-box Adversarial Attacks"
MIT License
194 stars 56 forks source link

Models and Own Dataset #10

Closed linaemunsamy closed 3 years ago

linaemunsamy commented 4 years ago

Hi,

I am new to adversarial noise and would like to implement this black box approach onto images. Can I use this on my own dataset? What does (model,x,y) refer to in simba single? Is this my own model trained on the dataset or another pretrained model?

Any help will be much appreciated!

cg563 commented 4 years ago

You should be able to use the attack on any dataset.

model is the victim model, which could be pre-trained or custom trained. x is the original image that you want to attack, and y is the true label of x that model predicts.

The utils.apply_normalization function might need to be modified depending on how your dataset is normalized. Right now it defaults to the ImageNet normalization scheme.

Let me know if you need any further clarification.

linaemunsamy commented 4 years ago

Hi,

Thanks for the quick response. Can I use a model and labels from an object detection framework?

On Wed, 05 Aug 2020 at 18:04, cg563 notifications@github.com wrote:

You should be able to use the attack on any dataset.

model is the pre-trained model, which could be pre-trained or custom trained. x is the original image that you want to attack, and y is the true label of x that model predicts.

The utils.apply_normalization function might need to be modified depending on how your dataset is normalized. Right now it defaults to the ImageNet normalization scheme.

Let me know if you need any further clarification.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/cg563/simple-blackbox-attack/issues/10#issuecomment-669280949, or unsubscribe https://github.com/notifications/unsubscribe-auth/ANCPVBJQD4HPLJWXWXCMFMDR7F7IJANCNFSM4PVMJI2Q .

cg563 commented 4 years ago

In principle, you should be able to use any model as long as it returns some continuous-valued confidence score. I haven't tried the method on object detection so I cannot guarantee that it will work.

lumbeeluva03 commented 3 years ago

I keep getting the following error at this line [ output = model(normalize(x.cuda())).cpu() ] in simba_single.py TypeError: Cannot convert value torch.float32 to a TensorFlow DType.

Can you provide an example of how I should be importing an image to provide via the x variable?

For context, this is how I am currently importing images, which results in a Tensor with dtype torch.float32: data_dir = "data/"

transform = transforms.Compose([transforms.Resize(255), transforms.CenterCrop(224), transforms.ToTensor()])

dataset = datasets.ImageFolder(data_dir, transform=transform) dataloader = torch.utils.data.DataLoader(dataset, batch_size=1) images, labels = next(iter(dataloader)) x = images[0]

cg563 commented 3 years ago

The data loading code you provided looks correct to me.

I'm confused about why the error mentions TensorFlow DType. Are you using TensorFlow at any point in your code?

lumbeeluva03 commented 3 years ago

I am running the code in colab and the model is a pre-trained model generated using keras.Sent from my Verizon, Samsung Galaxy smartphone -------- Original message --------From: Chuan Guo notifications@github.com Date: 11/8/20 17:46 (GMT-05:00) To: cg563/simple-blackbox-attack simple-blackbox-attack@noreply.github.com Cc: lumbeeluva03 lumbeeluva03@yahoo.com, Comment comment@noreply.github.com Subject: Re: [cg563/simple-blackbox-attack] Models and Own Dataset (#10) The data loading code you provided looks correct to me. I'm confused about why the error mentions TensorFlow DType. Are you using TensorFlow at any point in your code?

—You are receiving this because you commented.Reply to this email directly, view it on GitHub, or unsubscribe.

cg563 commented 3 years ago

Ok, that might be an issue. The keras model could be using TensorFlow backend, but the data loading code is outputting PyTorch tensors. It would require a bit of work getting the code to work with TF models.

lumbeeluva03 commented 3 years ago

Understood, I was afraid of that and thank you for the insight.Sent from my Verizon, Samsung Galaxy smartphone -------- Original message --------From: Chuan Guo notifications@github.com Date: 11/8/20 18:41 (GMT-05:00) To: cg563/simple-blackbox-attack simple-blackbox-attack@noreply.github.com Cc: lumbeeluva03 lumbeeluva03@yahoo.com, Comment comment@noreply.github.com Subject: Re: [cg563/simple-blackbox-attack] Models and Own Dataset (#10) Ok, that might be an issue. The keras model could be using TensorFlow backend, but the data loading code is outputting PyTorch tensors. It would require a bit of work getting the code to work with TF models.

—You are receiving this because you commented.Reply to this email directly, view it on GitHub, or unsubscribe.