Comments (3)
Hi @HIT1180300227 I think this implementation of JSMA is neglecting the additional terms on gradients towards classes other than the target class. Have you been able to use the attack successfully?
from adversarial-robustness-toolbox.
Hi @beat-buesser ,
I use JSMA method in ids(intrusion detection system) field.Specifically, I use the targeted JSMA method on the statistical feature vectors as follows:
art_classifier = KerasClassifier(model=model, use_logits=False)
attack = SaliencyMapMethod(classifier=art_classifier, theta=theta, gamma=gamma, batch_size=1,verbose=True)
#x_test are original statistical feature vectors
targeted_x_test_jsma = attack.generate(x=x_test,y=numpy_targets)
Before using jsma attack,I can get 90% classification accuracy.After using this attack method, the classification accuracy will be reduced to 20%.
It seems that although the implementation of this attack method is not consistent with the original paper, it can still successfully confuse the classification model.
Why does the jsma attack still work?
from adversarial-robustness-toolbox.
Hi @HIT1180300227 I think it still works because the main component of the gradients is the same, e.g. the direction in which the current classes' logit value decreases. The paper is more accurate by requiring additional terms for updates to this direction to make sure the other logins are not increasing. It looks that for many applications these additional therms might be small/negligible, but it would be more complicated to implement.
from adversarial-robustness-toolbox.
Related Issues (20)
- Printable representation of Attack objects [JATIC-I2-IBM]
- Troubleshooting and Solution for 'unsupported operand type(s) for /' Error in adversarial_patch_tensorflow.py (Line 277) HOT 2
- Square Attack Bug: Tensor shape mismatch resulting in ValueError when attempting broadcast HOT 3
- Implementation of Progress Bars for ART Estimators
- Can CLEVER's evaluation metrics be used in our pytorch models? How to use it, thank you.
- support for yolov5-seg HOT 1
- Flexible metric function for accuracy and l2 norm [JATIC-I2-IBM]
- NaNs in Wasserstein Attack HOT 5
- Regarding duplicated queries in the Square Attack HOT 2
- Formatting of Documentation is Broken HOT 2
- `ActivationDefense` and `SpectralSignatures` expect flattened activations HOT 1
- Implement `get_activations()` for PyTorch Object Detectors HOT 1
- TensorFlow Addons is end of life in May 2024 HOT 3
- pgd attack usage
- BrendelBethgeAttack breaks with array clip range HOT 2
- Update the speech recognizer class to work with up-to-date versions of ART
- Update the speech recognizer class to work with up-to-date versions of ART HOT 1
- Implement dirty label poisoning attacks for speech recognition models
- Implement dirty label poisoning attacks for speech recognition models
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from adversarial-robustness-toolbox.