rdang-nhu
commented
3 years ago Hi. The attack_step_score method is the implementation of Score function estimator 3.1 in the paper. See #4 for the meaning of the different quantities. This multiplication is essentially a manual application of the chain rule, where the gradient loss -> mean (computed with loss.backward()) and the gradient mean -> perturbation (computed with aux_estimate.backward()). This application of the chain rule needs to be done manually because score function estimators require to freeze different gradients at different steps (with requires_grad = False).
HenryPengZou
https://github.com/eth-sri/probabilistic-forecasts-attacks/blob/df78ffd7375089bb7b38fbf55bb840b7699365eb/Finance/attack/attacks.py#L104-L109
Hi, what does it mean here to 'Multiply the two, and set it in perturbation', could you provide a mathematical description? I think it has something to do with two gradients.