I found that IDEA is innovative after reading this paper. But there were some things that bothered me during I read the code of model prediction phase that I hope you can answer it.
|
if args.attack is not None: |
|
evaluate_adversarial(model, test_loader, criterion, aux_criterion, attack, pfy, device) |
Begin to evaluate adversarial smaples in abode code.
-
when defense CW attack, why should pass in the parameter y and it's impossible to know y at the prediction stage.
|
def cw(model, criterion, X, y=None, epsilon=0.1, num_classes=10): |
|
delta = L2Adversary()(model, X.clone().detach(), y, num_classes=num_classes).to(X.device) - X |
|
delta_norm = torch.norm(delta, p=2, dim=(1,2,3), keepdim=True) + 1e-4 |
|
delta_proj = (delta_norm > epsilon) * delta / delta_norm * epsilon + (delta_norm < epsilon) * delta |
|
return delta_proj |
|
assert len(targets.size()) == 1 |
-
defense_wrapper function are handled in different ways depending on the attack method, but it's impossible to know which attack method the sample was generated by at the prediction stage.
Could you explain it? please.
I found that IDEA is innovative after reading this paper. But there were some things that bothered me during I read the code of model prediction phase that I hope you can answer it.
SOAP/main.py
Lines 288 to 289 in 0953512
Begin to evaluate adversarial smaples in abode code.
when defense CW attack, why should pass in the parameter
yand it's impossible to know y at the prediction stage.SOAP/attacks.py
Lines 84 to 88 in 0953512
SOAP/cw_attack.py
Line 147 in 0953512
defense_wrapperfunction are handled in different ways depending on the attack method, but it's impossible to know which attack method the sample was generated by at the prediction stage.Could you explain it? please.