What I need is to generate adversarial examples using Cleverhans Library and Imagenet, i followed test_imagenet_attacks.py (cleverhans/examples/test_imagenet_attacks.py), but the adversarial examples could not be generated correctly by the methods such as DeepFool or C&W which need the sess param.
Fregment of the code is as follows:
......
with tf.Graph().as_default():
x_input = tf.placeholder(tf.float32,shape = batch_shape)
#num_classes = 1001
model = InceptionModel(num_classes)
with tf.Session() as sess:
dp = DeepFool(model,sess=sess)
x_adv = dp.generate(x_input, clip_min=-1., clip_max=1.)
sess.run(tf.global_variables_initializer())
saver = tf.train.Saver(slim.get_model_variables())
session_creator = tf.train.ChiefSessionCreator(
scaffold=tf.train.Scaffold(saver=saver),
checkpoint_filename_with_path=FLAGS.checkpoint_path,
master=FLAGS.master,
)
with tf.train.MonitoredSession(session_creator=session_creator) as sess:
for filenames, images in load_images(FLAGS.input_dir, batch_shape):
adv_images = sess.run(x_adv, feed_dict={x_input: images})
......
The result is:
Attack result at iteration 0 is [797]
Attack result at iteration 5 is [797]
Attack result at iteration 7 is [959]
1 out of 1 become adversarial examples at iteration 7
ILSVRC2012_val_00000001.png is done.
Attack result at iteration 0 is [797]
Attack result at iteration 5 is [959]
1 out of 1 become adversarial examples at iteration 5
ILSVRC2012_val_00000002.png is done.
Attack result at iteration 0 is [797]
Attack result at iteration 5 is [797]
Attack result at iteration 6 is [959]
1 out of 1 become adversarial examples at iteration 6
ILSVRC2012_val_00000003.png is done.
......
As the results you see, the labels of original images are all 797, and that of adversarial examples are all 959, both of the cases are obviously wrong.
Would you help me find the mistakes? Thank you.
What I need is to generate adversarial examples using Cleverhans Library and Imagenet, i followed test_imagenet_attacks.py (cleverhans/examples/test_imagenet_attacks.py), but the adversarial examples could not be generated correctly by the methods such as DeepFool or C&W which need the sess param. Fregment of the code is as follows:
The result is:
As the results you see, the labels of original images are all 797, and that of adversarial examples are all 959, both of the cases are obviously wrong. Would you help me find the mistakes? Thank you.