Hi @LGB7, thank you very much for the first contribution to ART Discussions! I missed it for a few days, but I'll take a closer look today.
Hello,
I have been working on a project that involves crafting adversarial examples and then testing, on those crafted examples, the accuracy of the pretrained model and that of the ART PyTorchClassifier that wraps it.
Before crafting the examples, the pretrained model and the PyTorchClassifier give the same accuracy on the original normalized CIFAR-10 test set. However, after crafting examples with the classifier and any of the ART attacks, and testing them again on both the classifier and the model, the two accuracies differ, and some results are even illogical, such as accuracies greater than 100% (see the code below).
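For reference, the clean-data check is essentially the following (a minimal sketch using the variable names from the code below; it assumes x_test_norm and y_test are NumPy arrays with one-hot labels):
```python
import numpy as np
import torch

# Sanity check on the clean test set: both paths agree here
preds_art = np.argmax(classifier.predict(x_test_norm), axis=1)
acc_art = np.mean(preds_art == np.argmax(y_test, axis=1))

with torch.no_grad():
    logits = model(torch.from_numpy(x_test_norm).to(device))
preds_torch = logits.argmax(dim=1).cpu().numpy()
acc_torch = np.mean(preds_torch == np.argmax(y_test, axis=1))
# acc_art == acc_torch on the unperturbed test set
```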
Here are samples of the code used. I am using PyTorch.
The pretrained model is VGG11, and the classifier is imported from art.estimators.classification. The loss function is torch.nn.HingeEmbeddingLoss() and the optimizer is Adam (torch.optim.Adam).
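For context, the surrounding setup looks roughly like this (a sketch: the learning rate and the way min_pixel_value / max_pixel_value are computed are assumptions; only the components named above are actually from my code):
```python
import torch
from art.estimators.classification import PyTorchClassifier

device = torch.device("cuda" if torch.cuda.is_available() else "cpu")

# model is the pretrained VGG11 for CIFAR-10, loaded elsewhere
model = model.to(device).eval()

criterion = torch.nn.HingeEmbeddingLoss()
optimizer = torch.optim.Adam(model.parameters(), lr=1e-4)  # lr is a placeholder

# Assumption: clip values are taken from the normalized data
min_pixel_value = float(x_test_norm.min())
max_pixel_value = float(x_test_norm.max())
```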
```python
classifier = PyTorchClassifier(
    model=model,
    clip_values=(min_pixel_value, max_pixel_value),
    loss=criterion,
    optimizer=optimizer,
    input_shape=(3, 32, 32),
    nb_classes=10,
)
```
1- For crafting the adversarial examples:
```python
from art.attacks.evasion import DeepFool

# Craft the adversarial examples with DeepFool
logger.info("Create DeepFool attack")
adv_crafter = DeepFool(classifier, max_iter=10, verbose=True)

logger.info("Craft attack test examples")
x_test_adv = adv_crafter.generate(x_test_norm)

# Convert back to torch tensors for the evaluation below
x_test_adv = torch.from_numpy(x_test_adv)
y_test_adv = torch.from_numpy(y_test)
```
Here "x_test_norm" is the normalized test split of the CIFAR-10 dataset, "y_test" holds the (one-hot) labels, and the DeepFool attack is imported from art.attacks.evasion.
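As a quick sanity check at this point (the expected values in the comments are what I assume they should be, given the setup above):
```python
# Diagnostic sketch: verify tensor shapes/dtypes before evaluation
print(x_test_adv.shape, x_test_adv.dtype)  # expected: torch.Size([N, 3, 32, 32]), torch.float32
print(y_test_adv.shape, y_test_adv.dtype)  # one-hot labels: torch.Size([N, 10])
```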
2- Then, for testing and getting the accuracy results:
```python
# Evaluate the classifier on the adversarial samples
preds = np.argmax(classifier.predict(x_test_adv), axis=1)
acc = np.sum(preds == np.argmax(y_test, axis=1)) / y_test.shape[0]
logger.info("Classifier before adversarial training")
logger.info("Accuracy on adversarial samples: %.2f%%", (acc * 100))

testset_adv = torch.utils.data.TensorDataset(x_test_adv, y_test_adv)
testloader_adv = torch.utils.data.DataLoader(testset_adv, batch_size=10000,
                                             shuffle=False, num_workers=2)

# Evaluate the original model
correct = 0
total = 0
with torch.no_grad():
    for batch_idx, (inputs, targets) in enumerate(testloader_adv):
        inputs, targets = inputs.to(device), targets.to(device)
        outputs = model(inputs)
        targets = targets.permute(1, 0)
        _, predicted = outputs.max(1)
        total += targets.size(1)
        # total += targets.size(0)
        correct += predicted.eq(targets).sum().item()
print('Acc: ', 100. * correct / total, '%')
```
Has anyone encountered a similar problem and can help?
Thank you!