tensorflow-adversarial

Some thoughts ... most adversarial examples that look OK to humans are because...

Open RnMss opened this issue 6 years ago • 2 comments

For a typical example: [image: 2018-04-10 4 46 37]

A human may read it as "4" only because we know it's handwriting. And handwriting is done with a pen, and written in strokes.

If I tell you this is not written by hand but printed by a printer, you would probably tell me it's definitely a "9", not a "4". (And you might use your common sense, that a printer might lack ink.)

If I just tell myself that they are not handwriting, that they are prints, ink sprayed on water or on paper made of rubber, many examples don't look strange anymore.

So the difference is probably in the training data.

RnMss, Apr 10 '18 08:04

The MNIST example is only for illustration. For real RGB images, you could make it an adversarial one by changing the color of one pixel. Surely it depends on the data and the model.

gongzhitaao, Apr 10 '18 12:04

The example is also ... just an example.

RnMss, Apr 14 '18 16:04