In fact, your SR is 99% only in the case of untargeted attack

mathcbc / advGAN_pytorch

a Pytorch implementation of the paper "Generating Adversarial Examples with Adversarial Networks" (advGAN).

254 stars 65 forks source link

In fact, your SR is 99% only in the case of untargeted attack #1

Closed Sunshine352 closed 5 years ago

mathcbc commented 5 years ago

the accuracy of the targeted model toward adversarial examples is 1%，so the attack success rate (SR) is 99%, I think my code is correct.

On 11/23/2018 13:03, Zhaomang Sun wrote:

pred_lab = torch.argmax(target_model(adv_img), 1) num_correct += torch.sum(pred_lab==test_label, 0) pred_lab should be equal to targeted label, which is different from ground-truth label

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or mute the thread.

Sunshine352 commented 5 years ago

Oh, it's right. But you test SR in the case of targeted attack?

Sunshine352 commented 5 years ago

In addition, the line 'num_correct += torch.sum(pred_lab==test_label,0)' , pred_lab is the label of adv-image, test_label is the gt-label. Though target_model acc is high enough, the test-acc in test set is not 100%. So you should conduct the adversarial attack in the correct-classification samples among test set.

mathcbc commented 5 years ago

No, it's untargeted attack.

On 11/23/2018 16:55, Zhaomang Sun wrote:

Oh, it's right. But you test SR in the case of targeted attack?

— You are receiving this because you commented. Reply to this email directly, view it on GitHub, or mute the thread.