search

cleverhans-lab / cleverhans

An adversarial example library for constructing attacks, building defenses, and benchmarking both
MIT License
6.16k stars 1.39k forks source link

Help wanted #1164

Closed obkwin closed 3 years ago

obkwin commented 4 years ago

What I need is to generate adversarial examples using Cleverhans Library and Imagenet, i followed test_imagenet_attacks.py (cleverhans/examples/test_imagenet_attacks.py), but the adversarial examples could not be generated correctly by the methods such as DeepFool or C&W which need the sess param. Fregment of the code is as follows:

......
with tf.Graph().as_default():
  x_input = tf.placeholder(tf.float32,shape = batch_shape)
  #num_classes = 1001
  model = InceptionModel(num_classes)

    with tf.Session() as sess:
      dp = DeepFool(model,sess=sess)
      x_adv = dp.generate(x_input, clip_min=-1., clip_max=1.)
      sess.run(tf.global_variables_initializer())

      saver = tf.train.Saver(slim.get_model_variables())
      session_creator = tf.train.ChiefSessionCreator(
                        scaffold=tf.train.Scaffold(saver=saver),
                        checkpoint_filename_with_path=FLAGS.checkpoint_path,
                        master=FLAGS.master,
                        )

      with tf.train.MonitoredSession(session_creator=session_creator) as sess:
        for filenames, images in load_images(FLAGS.input_dir, batch_shape):
          adv_images = sess.run(x_adv, feed_dict={x_input: images})
......

The result is:

Attack result at iteration 0 is [797]
Attack result at iteration 5 is [797]
Attack result at iteration 7 is [959]
1 out of 1 become adversarial examples at iteration 7
ILSVRC2012_val_00000001.png is done.
Attack result at iteration 0 is [797]
Attack result at iteration 5 is [959]
1 out of 1 become adversarial examples at iteration 5
ILSVRC2012_val_00000002.png is done.
Attack result at iteration 0 is [797]
Attack result at iteration 5 is [797]
Attack result at iteration 6 is [959]
1 out of 1 become adversarial examples at iteration 6
ILSVRC2012_val_00000003.png is done.
......

As the results you see, the labels of original images are all 797, and that of adversarial examples are all 959, both of the cases are obviously wrong. Would you help me find the mistakes? Thank you.

jonasguan commented 3 years ago

Hi @obkwin , thanks for the interest in our library. Unfortunately, we can't provide support or maintenance for code in the examples/ directory.