zhipeng-wei
commented
2 years ago 感谢指正,已更新ReadMe。白盒模型是论文里面提到的ViT-B/16, PiT-B,CaiT-S-24 and Visformer-S。
Closed karryyzf closed 2 years ago
zhipeng-wei
commented
2 years ago 感谢指正,已更新ReadMe。白盒模型是论文里面提到的ViT-B/16, PiT-B,CaiT-S-24 and Visformer-S。
karryyzf
commented
2 years ago 白盒vit_base_patch16_224和黑盒deit_base_distilled_patch16_224(DeiT-B)的代码好像有小的问题
zhipeng-wei
commented
2 years ago 具体是什么问题呢? 模型读取过程利用的timm,可能timm版本迭代之后,模型的名字会发生一些改变。
karryyzf
commented
2 years ago 白盒 vit_base_patch16_224
"See the documentation of nn.Upsample for details.".format(mode)) Using L2 Traceback (most recent call last): File "/home/takai/code/transformer/our_attacks.py", line 54, in <module> adv_inps, loss_info = attack_method(batch_x, batch_y) File "/home/takai/code/transformer/our_method.py", line 87, in call images = self.forward(*input, kwargs) File "/home/takai/code/transformer/our_method.py", line 276, in forward cost1 = self.loss_flag loss(outputs, labels).cuda() # 计算输outputs和label之间的损失 File "/home/takai/.conda/envs/transformer/lib/python3.7/site-packages/torch/nn/modules/module.py", line 727, in _call_impl result = self.forward(input, kwargs) File "/home/takai/.conda/envs/transformer/lib/python3.7/site-packages/torch/nn/modules/loss.py", line 962, in forward ignore_index=self.ignore_index, reduction=self.reduction) File "/home/takai/.conda/envs/transformer/lib/python3.7/site-packages/torch/nn/functional.py", line 2470, in cross_entropy return nll_loss(log_softmax(input, 1), target, weight, None, ignore_index, None, reduction) File "/home/takai/.conda/envs/transformer/lib/python3.7/site-packages/torch/nn/functional.py", line 1607, in log_softmax ret = input.log_softmax(dim) # zyf modify AttributeError: 'list' object has no attribute 'log_softmax'
Process finished with exit code 1
这里input返回了列表类型 input[0]才是一个Tensor类型
黑盒deit_base_distilled_patch16_224 在评估的时候,也出现了列表类型的情况
Using 1000 1000 Loading Model. Ruing batch_idx 0 Traceback (most recent call last): File "/home/takai/code/transformer/evaluate.py", line 56, in <module> acc1, acc5 = accuracy(output.detach(), batch_y, topk=(1, 5)) # yzf 20220427 modify AttributeError: 'list' object has no attribute 'detach'
our_attack.py
请多指教 ------------------ 原始邮件 ------------------ 发件人: "zhipeng-wei/PNA-PatchOut" @.>; 发送时间: 2022年4月27日(星期三) 晚上9:33 @.>; @.**@.>; 主题: Re: [zhipeng-wei/PNA-PatchOut] PNA的白盒模型 (Issue #2)
具体是什么问题呢? 模型读取过程利用的timm,可能timm版本迭代之后,模型的名字会发生一些改变。
— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you authored the thread.Message ID: @.***>
zhipeng-wei
commented
2 years ago 关于deit_base_distilled_patch16_224-评估:
模型的输出为list,所以导致output.detach()失败; 关于vit_base_patch16_224:
loss(outputs, labels),这里的outputs和labels其中存在list。需要你确定一下是outputs还是labels为list。如果是outputs的话,很可能也是因为模型的输出为list。
以上,猜测可能是timm版本的问题,修改了模型的输出。 你的timm是什么版本呢?这里是timm==0.4.13。 此外,如果还是解决不了,可以查看一下模型输出list分别是什么,找到logit值来计算loss或者评估。 希望可以解决你的问题😊
karryyzf
commented
2 years ago 谢谢,不过我发现现在好像没有0.4.13版本的timm了,我使用的是0.4.12的版本
zhipeng-wei
commented
2 years ago 如果还有问题,欢迎随时问哈
karryyzf
commented
2 years ago 复现vit_base_patch16_224模型为白盒时,TOP-1达到99.3%
生成的图像会有这种鱼鳞状 不知道是什么原因
------------------ 原始邮件 ------------------ 发件人: "zhipeng-wei/PNA-PatchOut" @.>; 发送时间: 2022年4月28日(星期四) 下午4:47 @.>; @.**@.>; 主题: Re: [zhipeng-wei/PNA-PatchOut] PNA的白盒模型 (Issue #2)
Closed #2.
— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you authored the thread.Message ID: @.***>
zhipeng-wei
commented
2 years ago 看不到你发的图片,生成的对抗图片会限制在||x_adv-xclean||∞<16,其他论文的方法也满足这样的限制下。 可以放大一下论文中的figure3,也是可以看到噪声的。
karryyzf
commented
2 years ago 噪声可以看到,但是就是vit_base_patch16_224模型为白盒时,攻击其他模型的TOP-1很高,达到90+%,攻击效果不好,但是生成的图片是可以看到噪声的。 我在以其他模型为白盒时,就可以达到论文描述的准确率。我怕我是复现过程哪个地方出现了问题,但是一直没有找到,因为都是直接用源代码运行的。 请多指教
------------------ 原始邮件 ------------------ 发件人: "zhipeng-wei/PNA-PatchOut" @.>; 发送时间: 2022年4月28日(星期四) 晚上7:37 @.>; @.**@.>; 主题: Re: [zhipeng-wei/PNA-PatchOut] PNA的白盒模型 (Issue #2)
看不到你发的图片,生成的对抗图片会限制在||x_adv-xclean||∞<16,其他论文的方法也满足这样的限制下。 可以放大一下论文中的figure3,也是可以看到噪声的。
— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you authored the thread.Message ID: @.***>
zhipeng-wei
commented
2 years ago 是有点奇怪,猜测当前你使用版本的vit_base模型,在当前代码下(https://github.com/zhipeng-wei/PNA-PatchOut/blob/d2ca82e32926db94d065dbdd38cdd751f21c3c87/our_method.py#L117),执行register_backward_hook失败。 你可以输出当前版本下的vit_base模型,是否与该代码一致。
karryyzf
commented
2 years ago 您能把您的vit_base模型发我一下吗? 谢谢
------------------ 原始邮件 ------------------ 发件人: "zhipeng-wei/PNA-PatchOut" @.>; 发送时间: 2022年4月28日(星期四) 晚上8:26 @.>; @.**@.>; 主题: Re: [zhipeng-wei/PNA-PatchOut] PNA的白盒模型 (Issue #2)
是有点奇怪,猜测当前你使用版本的vit_base模型,在当前代码下(https://github.com/zhipeng-wei/PNA-PatchOut/blob/d2ca82e32926db94d065dbdd38cdd751f21c3c87/our_method.py#L117),执行register_backward_hook失败。 你可以输出当前版本下的vit_base模型,是否与该代码一致。
— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you authored the thread.Message ID: @.***>
zhipeng-wei
commented
2 years ago 论文中使用的就是timm提供的‘vit_base_patch16_224’模型,没有进行过修改或者重新训练。 建议还是检查一下当前模型是否register_backward_hook成功。
karryyzf
commented
2 years ago 你好,我想请问一下第二个实验是怎么做的呀?关于CNN的实验,接口需要改哪个地方呀?
------------------ 原始邮件 ------------------ 发件人: "zhipeng-wei/PNA-PatchOut" @.>; 发送时间: 2022年4月28日(星期四) 晚上9:05 @.>; @.**@.>; 主题: Re: [zhipeng-wei/PNA-PatchOut] PNA的白盒模型 (Issue #2)
论文中使用的就是timm提供的‘vit_base_patch16_224’模型,没有进行过修改或者重新训练。 建议还是检查一下当前模型是否register_backward_hook成功。
— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you authored the thread.Message ID: @.***>
zhipeng-wei
commented
2 years ago 第二个实验的对抗样本仍是由4个ViTs模型生成的,但是在CNNs上进行了评估。 ------------------ Original ------------------ From: @.>; Date: Thu, May 5, 2022 12:58 PM To: @.>; Cc: @.>; "State @.>; Subject: Re: [zhipeng-wei/PNA-PatchOut] PNA的白盒模型 (Issue #2)
你好,我想请问一下第二个实验是怎么做的呀?关于CNN的实验,接口需要改哪个地方呀?
------------------ 原始邮件 ------------------ 发件人: "zhipeng-wei/PNA-PatchOut" @.>; 发送时间: 2022年4月28日(星期四) 晚上9:05 @.>; @.**@.>; 主题: Re: [zhipeng-wei/PNA-PatchOut] PNA的白盒模型 (Issue #2)
论文中使用的就是timm提供的‘vit_base_patch16_224’模型,没有进行过修改或者重新训练。 建议还是检查一下当前模型是否register_backward_hook成功。
— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you authored the thread.Message ID: @.> — Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you modified the open/close state.Message ID: @.>
karryyzf
commented
2 years ago 您好 您那有4个白盒模型分别攻击黑盒模型的成功率的数据吗?
------------------ 原始邮件 ------------------ 发件人: "zhipeng-wei/PNA-PatchOut" @.>; 发送时间: 2022年5月6日(星期五) 下午3:50 @.>; @.**@.>; 主题: Re: [zhipeng-wei/PNA-PatchOut] PNA的白盒模型 (Issue #2)
第二个实验的对抗样本仍是由4个ViTs模型生成的,但是在CNNs上进行了评估。
------------------ Original ------------------
From: @.>;
Date: Thu, May 5, 2022 12:58 PM
To: @.>;
Cc: @.>; "State @.>;
Subject: Re: [zhipeng-wei/PNA-PatchOut] PNA的白盒模型 (Issue #2)
你好,我想请问一下第二个实验是怎么做的呀?关于CNN的实验,接口需要改哪个地方呀?
------------------&nbsp;原始邮件&nbsp;------------------
发件人: "zhipeng-wei/PNA-PatchOut" @.&gt;;
发送时间:&nbsp;2022年4月28日(星期四) 晚上9:05
@.&gt;;
@.**@.&gt;;
主题:&nbsp;Re: [zhipeng-wei/PNA-PatchOut] PNA的白盒模型 (Issue #2)
论文中使用的就是timm提供的‘vit_base_patch16_224’模型,没有进行过修改或者重新训练。
建议还是检查一下当前模型是否register_backward_hook成功。
—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you authored the thread.Message ID: @.&gt;
—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you modified the open/close state.Message ID: @.>
—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you authored the thread.Message ID: @.***>
karryyzf
commented
1 year ago 您那边方便把jx_vit_base_p16_224-4ee7a4dc.pth模型发我一下吗?附件的形式 谢谢
------------------ 原始邮件 ------------------ 发件人: "zhipeng-wei/PNA-PatchOut" @.>; 发送时间: 2022年4月28日(星期四) 晚上9:05 @.>; @.**@.>; 主题: Re: [zhipeng-wei/PNA-PatchOut] PNA的白盒模型 (Issue #2)
论文中使用的就是timm提供的‘vit_base_patch16_224’模型,没有进行过修改或者重新训练。 建议还是检查一下当前模型是否register_backward_hook成功。
— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you authored the thread.Message ID: @.***>
karryyzf
commented
1 year ago VanillaVisionTransformer( (patch_embed): PatchEmbed( (proj): Conv2d(3, 768, kernel_size=(16, 16), stride=(16, 16)) (norm): Identity() ) (pos_drop): Dropout(p=0.0, inplace=False) (blocks): Sequential( (0): Block( (norm1): LayerNorm((768,), eps=1e-06, elementwise_affine=True) (attn): Attention( (qkv): Linear(in_features=768, out_features=2304, bias=True) (attn_drop): Dropout(p=0.0, inplace=False) (proj): Linear(in_features=768, out_features=768, bias=True) (proj_drop): Dropout(p=0.0, inplace=False) ) (drop_path): Identity() (norm2): LayerNorm((768,), eps=1e-06, elementwise_affine=True) (mlp): Mlp( (fc1): Linear(in_features=768, out_features=3072, bias=True) (act): GELU() (fc2): Linear(in_features=3072, out_features=768, bias=True) (drop): Dropout(p=0.0, inplace=False) ) ) (1): Block( (norm1): LayerNorm((768,), eps=1e-06, elementwise_affine=True) (attn): Attention( (qkv): Linear(in_features=768, out_features=2304, bias=True) (attn_drop): Dropout(p=0.0, inplace=False) (proj): Linear(in_features=768, out_features=768, bias=True) (proj_drop): Dropout(p=0.0, inplace=False) ) (drop_path): Identity() (norm2): LayerNorm((768,), eps=1e-06, elementwise_affine=True) (mlp): Mlp( (fc1): Linear(in_features=768, out_features=3072, bias=True) (act): GELU() (fc2): Linear(in_features=3072, out_features=768, bias=True) (drop): Dropout(p=0.0, inplace=False) ) ) (2): Block( (norm1): LayerNorm((768,), eps=1e-06, elementwise_affine=True) (attn): Attention( (qkv): Linear(in_features=768, out_features=2304, bias=True) (attn_drop): Dropout(p=0.0, inplace=False) (proj): Linear(in_features=768, out_features=768, bias=True) (proj_drop): Dropout(p=0.0, inplace=False) ) (drop_path): Identity() (norm2): LayerNorm((768,), eps=1e-06, elementwise_affine=True) (mlp): Mlp( (fc1): Linear(in_features=768, out_features=3072, bias=True) (act): GELU() (fc2): Linear(in_features=3072, out_features=768, bias=True) (drop): Dropout(p=0.0, inplace=False) ) ) (3): Block( (norm1): LayerNorm((768,), eps=1e-06, elementwise_affine=True) (attn): Attention( (qkv): Linear(in_features=768, out_features=2304, bias=True) (attn_drop): Dropout(p=0.0, inplace=False) (proj): Linear(in_features=768, out_features=768, bias=True) (proj_drop): Dropout(p=0.0, inplace=False) ) (drop_path): Identity() (norm2): LayerNorm((768,), eps=1e-06, elementwise_affine=True) (mlp): Mlp( (fc1): Linear(in_features=768, out_features=3072, bias=True) (act): GELU() (fc2): Linear(in_features=3072, out_features=768, bias=True) (drop): Dropout(p=0.0, inplace=False) ) ) (4): Block( (norm1): LayerNorm((768,), eps=1e-06, elementwise_affine=True) (attn): Attention( (qkv): Linear(in_features=768, out_features=2304, bias=True) (attn_drop): Dropout(p=0.0, inplace=False) (proj): Linear(in_features=768, out_features=768, bias=True) (proj_drop): Dropout(p=0.0, inplace=False) ) (drop_path): Identity() (norm2): LayerNorm((768,), eps=1e-06, elementwise_affine=True) (mlp): Mlp( (fc1): Linear(in_features=768, out_features=3072, bias=True) (act): GELU() (fc2): Linear(in_features=3072, out_features=768, bias=True) (drop): Dropout(p=0.0, inplace=False) ) ) (5): Block( (norm1): LayerNorm((768,), eps=1e-06, elementwise_affine=True) (attn): Attention( (qkv): Linear(in_features=768, out_features=2304, bias=True) (attn_drop): Dropout(p=0.0, inplace=False) (proj): Linear(in_features=768, out_features=768, bias=True) (proj_drop): Dropout(p=0.0, inplace=False) ) (drop_path): Identity() (norm2): LayerNorm((768,), eps=1e-06, elementwise_affine=True) (mlp): Mlp( (fc1): Linear(in_features=768, out_features=3072, bias=True) (act): GELU() (fc2): Linear(in_features=3072, out_features=768, bias=True) (drop): Dropout(p=0.0, inplace=False) ) ) (6): Block( (norm1): LayerNorm((768,), eps=1e-06, elementwise_affine=True) (attn): Attention( (qkv): Linear(in_features=768, out_features=2304, bias=True) (attn_drop): Dropout(p=0.0, inplace=False) (proj): Linear(in_features=768, out_features=768, bias=True) (proj_drop): Dropout(p=0.0, inplace=False) ) (drop_path): Identity() (norm2): LayerNorm((768,), eps=1e-06, elementwise_affine=True) (mlp): Mlp( (fc1): Linear(in_features=768, out_features=3072, bias=True) (act): GELU() (fc2): Linear(in_features=3072, out_features=768, bias=True) (drop): Dropout(p=0.0, inplace=False) ) ) (7): Block( (norm1): LayerNorm((768,), eps=1e-06, elementwise_affine=True) (attn): Attention( (qkv): Linear(in_features=768, out_features=2304, bias=True) (attn_drop): Dropout(p=0.0, inplace=False) (proj): Linear(in_features=768, out_features=768, bias=True) (proj_drop): Dropout(p=0.0, inplace=False) ) (drop_path): Identity() (norm2): LayerNorm((768,), eps=1e-06, elementwise_affine=True) (mlp): Mlp( (fc1): Linear(in_features=768, out_features=3072, bias=True) (act): GELU() (fc2): Linear(in_features=3072, out_features=768, bias=True) (drop): Dropout(p=0.0, inplace=False) ) ) (8): Block( (norm1): LayerNorm((768,), eps=1e-06, elementwise_affine=True) (attn): Attention( (qkv): Linear(in_features=768, out_features=2304, bias=True) (attn_drop): Dropout(p=0.0, inplace=False) (proj): Linear(in_features=768, out_features=768, bias=True) (proj_drop): Dropout(p=0.0, inplace=False) ) (drop_path): Identity() (norm2): LayerNorm((768,), eps=1e-06, elementwise_affine=True) (mlp): Mlp( (fc1): Linear(in_features=768, out_features=3072, bias=True) (act): GELU() (fc2): Linear(in_features=3072, out_features=768, bias=True) (drop): Dropout(p=0.0, inplace=False) ) ) (9): Block( (norm1): LayerNorm((768,), eps=1e-06, elementwise_affine=True) (attn): Attention( (qkv): Linear(in_features=768, out_features=2304, bias=True) (attn_drop): Dropout(p=0.0, inplace=False) (proj): Linear(in_features=768, out_features=768, bias=True) (proj_drop): Dropout(p=0.0, inplace=False) ) (drop_path): Identity() (norm2): LayerNorm((768,), eps=1e-06, elementwise_affine=True) (mlp): Mlp( (fc1): Linear(in_features=768, out_features=3072, bias=True) (act): GELU() (fc2): Linear(in_features=3072, out_features=768, bias=True) (drop): Dropout(p=0.0, inplace=False) ) ) (10): Block( (norm1): LayerNorm((768,), eps=1e-06, elementwise_affine=True) (attn): Attention( (qkv): Linear(in_features=768, out_features=2304, bias=True) (attn_drop): Dropout(p=0.0, inplace=False) (proj): Linear(in_features=768, out_features=768, bias=True) (proj_drop): Dropout(p=0.0, inplace=False) ) (drop_path): Identity() (norm2): LayerNorm((768,), eps=1e-06, elementwise_affine=True) (mlp): Mlp( (fc1): Linear(in_features=768, out_features=3072, bias=True) (act): GELU() (fc2): Linear(in_features=3072, out_features=768, bias=True) (drop): Dropout(p=0.0, inplace=False) ) ) (11): Block( (norm1): LayerNorm((768,), eps=1e-06, elementwise_affine=True) (attn): Attention( (qkv): Linear(in_features=768, out_features=2304, bias=True) (attn_drop): Dropout(p=0.0, inplace=False) (proj): Linear(in_features=768, out_features=768, bias=True) (proj_drop): Dropout(p=0.0, inplace=False) ) (drop_path): Identity() (norm2): LayerNorm((768,), eps=1e-06, elementwise_affine=True) (mlp): Mlp( (fc1): Linear(in_features=768, out_features=3072, bias=True) (act): GELU() (fc2): Linear(in_features=3072, out_features=768, bias=True) (drop): Dropout(p=0.0, inplace=False) ) ) ) (norm): LayerNorm((768,), eps=1e-06, elementwise_affine=True) (pre_logits): Identity() (head): Linear(in_features=768, out_features=1000, bias=True) )
模型注册成功的
------------------ 原始邮件 ------------------ 发件人: "zhipeng-wei/PNA-PatchOut" @.>; 发送时间: 2022年4月28日(星期四) 晚上9:05 @.>; @.**@.>; 主题: Re: [zhipeng-wei/PNA-PatchOut] PNA的白盒模型 (Issue #2)
论文中使用的就是timm提供的‘vit_base_patch16_224’模型,没有进行过修改或者重新训练。 建议还是检查一下当前模型是否register_backward_hook成功。
— Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you authored the thread.Message ID: @.***>
观看代码说白盒模型是vit_large_patch16_224, levit_256, cait_s24_224, tnt_s_patch16_224 论文中描述的是ViT-B/16, PiT-B,CaiT-S-24 and Visformer-S 有些不明白实验的白盒模型到底是哪几个?