Unable to reproduce L0 attack on MNIST

Question

Unable to reproduce L0 attack on MNIST

VishaalMK opened this issue 7 years ago · comments

Vishaal Munusamy Kabilan commented 7 years ago

The generated adversarial examples end up being in the range [-0.5,0.5] instead of [0,1].
I tried making some modifications to change the range, but was unsuccessful.
Could you give me some pointers to get the adv. images in the range [0,1]?

I am using the model mentioned under setup_mnist.py
Thanks

Nicholas Carlini · Answer 1 · Fri Jan 19 2018 00:59:39 GMT+0800 (China Standard Time)

If you're using the seup_mnist model and the data I supply, it's already in the range [-0.5,0.5].

If you need it in [0,1], then what I usually do is just transform the input ahead of time. So if your input is in the range [0,1] and your model takes [0,1] you can just make the first line of your model

def predict(self, xs):
    xs = xs+0.5
    [...]

and then call the attack by running

attack.attack(xs-0.5, ys)

Or, if you look at l2_attack.py there are boxmin and boxmax parameters there. That's another way to solve the issue, if you end up doing that I'd be happy to take a PR.

Vishaal Munusamy Kabilan · Answer 2 · Fri Jan 19 2018 09:19:20 GMT+0800 (China Standard Time)

It works! Thanks a lot for your help.