How to control the pixel number to be noised ?
lith0613 opened this issue · 2 comments
I want to control the adversarial example with a fixed noised pixel level, i.e. set the L0 norm between the adversarial example and original image to be about image.size*c%. For example, I want to set the L0 norm in cifar to be about 32x32x3x20%. (Probably in this range, no exact values are needed) Can you give some help ?
There are two types of attacks:
- Maximize adversarialness subject to the distortion being less than some threshold.
- Minimize distortion subject to the image being adversarial.
This attack is of the second flavor. So you can't directly control how many pixels are perturbed, it will keep shrinking the number of pixels until it can't succeed any more.
The simplest thing to do is just to run the attack and then at the end check if the number of pixels that changed is less than your threshold. If yes, the attack succeeded. Slightly more efficient would be to add an extra check around here
https://github.com/carlini/nn_robust_attacks/blob/master/l0_attack.py#L228
That will break out of the loop if equal_count > threshold
.
There are two types of attacks:
- Maximize adversarialness subject to the distortion being less than some threshold.
- Minimize distortion subject to the image being adversarial.
This attack is of the second flavor. So you can't directly control how many pixels are perturbed, it will keep shrinking the number of pixels until it can't succeed any more.
The simplest thing to do is just to run the attack and then at the end check if the number of pixels that changed is less than your threshold. If yes, the attack succeeded. Slightly more efficient would be to add an extra check around here
https://github.com/carlini/nn_robust_attacks/blob/master/l0_attack.py#L228
That will break out of the loop ifequal_count > threshold
.
Yes, I have tried this method as your instruction and the result is okay!
equal_count = self.image_size**2-np.sum(np.all(np.abs(img-nimg[0])<.0001,axis=2))
if equal_count <threshold:
return last_solution
Thanks so much !