adv_img not producing attack

Question

adv_img not producing attack

Opened this issue 6 years ago · 7 comments

Thanks for writing this up. I have a few doubts I was hoping you could help with.

When I save the output adv_img and plug it into hellochick's PSPNet for verification, the segmentation result comes out the same as the original. In other words, no segmentation attack occurs.

I experienced this problem once when working with PNGs, where the gradients are reversed because PNGs don't save as far as float32 precision. To work around this I saved the adv_img as a numpy .npy vector to retain all the original information.

Also, I noticed your segmented target image is different than your input image.

Can you please tell me how you were able to save the attack image and visualize the segmented attack image?

Thank you for your time.

Answer 1 · 2018-08-09T18:23:46.000Z

It's strange that you are not able to get the desired results. I saved the attacked image as a png and used the inference.py file to visualize the segmented output. It seems to work.
Also about the target image, it is supposed to be different from the actual labels. Since we want to fool the model into believing something else. This will make the model produce gradients which are propagated all the way up to the image, resulting in a perturbed image.

Answer 2 · 2018-09-27T17:56:16.000Z

I do face the same thing. The function does not create any adversarial image.

Answer 3 · 2018-09-27T19:54:24.000Z

Did you try running the inference.py with the saved adv_image obtained from adversarialExample.py ? Note: the adv_image looks exactly the same as the input image and visually you won't be able to make out any difference. @hosna

Answer 4 · 2018-09-27T20:02:26.000Z

I tried that. The inference works but not the adv image generator. If inference works on some image samples does not validate the correctness of your advexample code.

Answer 5 · 2018-09-27T22:22:38.000Z

The inference code is just for viewing the segmentation output of PSPNet. It's not specific for any image. You can try feeding the original image from the cityscapes dataset, you should get the output. So the image generated from advexample code generates a perturbed image, which when passed through the PSPNet for segmentation, the model generates output similar to ones shown in the results tab.

Answer 6 · 2018-09-28T08:50:30.000Z

your advgenerator does not perturb the image. Thats what I am telling you.

Answer 7 · 2018-09-29T00:39:26.000Z

I'll check once again and update the repo.