
the target of the bim attack in the code?

Open SYLL-star opened this issue 3 years ago • 3 comments

  1. Why, in the code, is the y of the undercover attack in the MLP stage 0 and 1, instead of predicting the label? The paper mentioned that the target of the undercover attack is the prediction of the model.
  2. Why doesn't undercoverNet need to open the test mode? undercoverNet.eval()?

SYLL-star avatar Jul 14 '21 04:07 SYLL-star

I also find the problem mentioned by @SYLL-star in 1 and I think it should be marked as a bug. The related code is shown below:

```python
normal_x = torch.cat(normal_samples, dim=0)
adversarial_x = torch.cat(adversarial_samples, dim=0)
normal_y = torch.zeros(normal_x.shape[0]).long()
adversarial_y = torch.ones(adversarial_x.shape[0]).long()
```

and

```python
x, y = x.to(device), y.to(device)
undercover_adv = undercover_gradient_attacker.fgsm(x, x, False, 1/255)
```

This is a critical bug, as it gives the defender a priori knowledge that a benign sample will be attacked to label 0, while an adversarial example will be attacked to label 1.

Although this bug is important, it is easy to fix. I can provide a pull request for the bug if you need, but there is no guarantee that the result obtained will be as good as that mentioned in the original paper, and by my own implementation, I found that there is some gap between the two results.

persistz avatar Aug 07 '21 06:08 persistz
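
Added example, not part of the thread or of the project's repository: a pure-Python toy showing why using the detector label (0/1) as the attack target leaks that label into the undercover features, next to the prediction-based target the issue asks about. The linear softmax model, the sample points and all function names here are constructed assumptions; `fgsm` below is a stand-in, not the project's `undercover_gradient_attacker.fgsm`.

```python
import math

# Constructed toy classifier (3 classes, 2 features), standing in for the real network.
W = [[1.0, -0.5], [-0.3, 0.8], [0.2, 0.1]]
B = [0.0, 0.1, -0.1]

def probs(x):
    logits = [sum(w * xi for w, xi in zip(row, x)) + b for row, b in zip(W, B)]
    top = max(logits)
    exps = [math.exp(l - top) for l in logits]
    return [e / sum(exps) for e in exps]

def predict(x):
    p = probs(x)
    return p.index(max(p))

def fgsm(x, y, eps=1 / 255):
    """One untargeted FGSM step: x + eps * sign(dCE(model(x), y)/dx)."""
    p = probs(x)
    # Linear softmax model: dCE/dx_j = sum_k (p_k - [k == y]) * W[k][j]
    grad = [sum((p[k] - (k == y)) * W[k][j] for k in range(len(W)))
            for j in range(len(x))]
    return [xi + eps * ((g > 0) - (g < 0)) for xi, g in zip(x, grad)]

def undercover_leaky(x, detector_label):
    # Pattern questioned in the thread: target = 0 (normal) / 1 (adversarial).
    return fgsm(x, detector_label)

def undercover_from_prediction(x):
    # Target described in the issue: the classifier's own prediction for x.
    return fgsm(x, predict(x))

def guess_label(x, undercover_x):
    # Trivial "detector" that only reads the perturbation direction on feature 0.
    return 0 if undercover_x[0] < x[0] else 1

# Constructed inputs; each is tried once as "normal" and once as "adversarial".
SAMPLES = [[0.5, 0.5], [0.1, 0.9], [0.9, 0.2], [0.0, 0.0]]

def leak_accuracy():
    trials = [(x, y) for x in SAMPLES for y in (0, 1)]
    hits = sum(guess_label(x, undercover_leaky(x, y)) == y for x, y in trials)
    return hits / len(trials)

if __name__ == "__main__":
    print("label recovered from leaky features:", leak_accuracy())
```

With the 0/1 target, the sign of the perturbation on one feature is enough to recover the detector label for every sample, whatever the input is; `undercover_from_prediction` takes no label at all, so its output cannot carry one.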

> I also find the problem mentioned by @SYLL-star in 1 and I think it should be marked as a bug. The related code is shown below:
>
> ```python
> normal_x = torch.cat(normal_samples, dim=0)
> adversarial_x = torch.cat(adversarial_samples, dim=0)
> normal_y = torch.zeros(normal_x.shape[0]).long()
> adversarial_y = torch.ones(adversarial_x.shape[0]).long()
> ```
>
> This is a critical bug, as it gives the defender a priori knowledge that a benign sample will be attacked to label 0, while an adversarial example will be attacked to label 1.
>
> Although this bug is important, it is easy to fix. I can provide a pull request for the bug if you need, but there is no guarantee that the result obtained will be as good as that mentioned in the original paper, and by my own implementation, I found that there is some gap between the two results.

I also modified this code according to the description of his paper, and the final result is also very different from the table in the paper. If possible, can I take a look at your pull request? Thank you very much!

SYLL-star avatar Aug 14 '21 09:08 SYLL-star

> I also modified this code according to the description of his paper, and the final result is also very different from the table in the paper. If possible, can I take a look at your pull request? Thank you very much!

Sure, feel free to contact me by email. I'd like to provide the relevant code.

persistz avatar Aug 21 '21 07:08 persistz