hyperparticle / one-pixel-attack-keras Goto Github PK

There are some preliminary results of the one-pixel attack performed on Cifar10 in the repo, but it is not quite as comprehensive as seen in https://arxiv.org/abs/1710.08864. It would be nice to not only replicate the experiments but also match (or surpass) their metrics.

When I run python train.py --model resnet --epochs 200 --batch_size 128
It occurs an error:

Traceback (most recent call last):
File "train.py", line 40, in
model.train()
File "/home/cvers/zgz/one-pixel-attack-keras-master/networks/resnet.py", line 162, in train
self.param_count = self._model.count_params()
AttributeError: 'ResNet' object has no attribute '_model'
Exception ignored in: <bound method BaseSession.del of <tensorflow.python.client.session.Session object at 0x7f9c07081be0>>
Traceback (most recent call last):
File "/home/cvers/anaconda3/envs/tensorflow/lib/python3.5/site-packages/tensorflow/python/client/session.py", line 701, in del
TypeError: 'NoneType' object is not callable

Hello, I want to ask a question about the dataset.
Here, "Attack on 1,3,5 pixel perturbations (100 samples)" refers to the result of an attack on 100 images randomly selected from the original cifar10 dataset?
Or is it the result of generating 100 adversarial images for each of the 10,000 images in the cifar10 test dataset? Thank you！

Hello, could you please tell me about how to use? Thank you!

The previous commit ae232d7 partially fixes some wrong attributes usages. One usage is still not fixed, and is triggered when calling attack_all() with targeted=True:

pylint E0401:unable to import 'keras.utils'
unable to import networks.capsulenet.capsule_net
when i uesed ''python attack.py --model densenet capsnet'',the above problems appeared,Who can help me t how to solve it?tanks a lot

File "helper.py", line 32
x_pos, y_pos, *rgb = pixel
^
SyntaxError: invalid syntax
I met this problem while running the "imports" of "1_one-pixel-attack-cifar10", with both python2 and python3.

Hello:
I feel puzzled about that if just changing one pixel can implement the targeted attack. I think only one-pixel change can not make the target that attacked with clear.
Please tell me how does the targeted attack work with so few pixel.
Thank you!

I trained the transformer architecture in the below github repo:
https://github.com/keras-team/keras-io/blob/master/examples/vision/image_classification_with_vision_transformer.py

I also have a .h5 file of the saved model added to the networks/models

How do I try the attack on it?

Thanks

Hello, after running attack.py, the pkl file is saved. I would like to ask how to display the image after the attack? Attack is to perturb a single pixel. Has the value of other pixels in the image changed? Thank you and look forward to your reply.

I want to conduct a single pixel attack experiment on my own data set. What should I do?

Hi,

Just a suggestion:
numpy.random.choice(img_samples, samples) should be changed to numpy.random.choice(img_samples, samples, replace=False)

so images aren't duplicated during larger iterations.

There is a argument，targeted，in the attack.py .

parser.add_argument('--targeted', action='store_false', help='Set this switch to test for targeted attacks.')

Please tell me,if the action = 'store_false',the attack is targeted or not?
Thank u for answering my issue.

using model lenet , when attacking it warns that "RuntimeWarning: divide by zero encountered in double_scalars" convergence=self.tol / convergence) is True):
it means covergence is zero? i dont know how to fix this please help me!
the error is appears in differential _evolution.py :585

Hey, @Hyperparticle.

Such a nice collection of materials, thank you!

I tried extending the CIFAR10 example to do some comparisons. It appears to me that for the kind of computational budget you followed, it's pretty hard to get a successful attack even on a small CNN (15722 learnable parameters).

Here's my notebook that does the comparison - https://colab.research.google.com/drive/1TKxtY63dqcuWAvrrDaDx3PQ3M7_xntQr?usp=sharing.

Am I missing out on something? One of the things I have changed is I have scaled the pixel values to be in the range of [0, 1]. Any help is much appreciated. Thanks!

Function attack_success takes argument img which is an id of the image in the dataset. Wouldn't it be clearer if this variable is called img_id or something like this? Or we could pass the whole image from the dataset instead.

I try to use the gpu in the one-pixel attack for imagenet, because the model run on imagenet is too slow, but I use os.environ["CUDA_VISIBLE_DEVICES"] seems did not work, can you give some help. Thanks so much !

我安装了requirement.txt里面的，但是它上面的没有完整的版本号

The paper, Attacking Convolutional Neural Network using Differential Evolution, explains how to tweak the one pixel attack to produce adversarial images that minimize the amount of perturbation in an image. It would be nice to incorporate these changes.

Modify 2_one-pixel-attack-imagenet.ipynb to download a sample subset of ImageNet files with appropriate labels. The files should be preprocessed as to be ready for the attack.

Hello everyone,

I am trying to fool the entire cifar10 data-set by using the one-pixel attack and download it for a project.
As I do not know how the attack function has been made, I will be glad to get help from someone.
I noticed that I can only fool one image per iteration. What I would do is to fool many image then download them.

Best regards

Hello, I would like to ask why CIFAR-10 was not pre-processed in your code, while the image of ImageNet was pre-processed?
In addition, does the adversarial examples need to be pre-processed (such as normalization) before being fed into the model for reclassification?

It seems like imports are broken, which version of tensorflow/keras has been used?

ImportError: cannot import name 'Adam' from 'keras.optimizers'

in line from networks.pure_cnn import PureCnn

Similar to 1_one-pixel-attack-cifar10.ipynb, perform a series of targeted/targeted adversarial attacks using differential evolution and collect results. This is a continuation of #3.