Boundary attack in targeted=True setting #2506

Open
aliotopal opened this issue Oct 10, 2024 · 5 comments
@aliotopal

When I test boundary attack in target=True settings and provide the target label like this:

```python
boundary = BoundaryAttack(estimator=kclassifier,
                          batch_size=64,
                          targeted=True,
                          delta=0.01,
                          epsilon=0.01,
                          step_adapt=0.667,
                          max_iter=5000,
                          num_trial=25,
                          sample_size=20,
                          init_size=100,
                          min_epsilon=0.0,
                          verbose=True)
img = load_img("acorn.JPEG", target_size=(224, 224), interpolation='lanczos')
img = img_to_array(img)
img = np.expand_dims(img, axis=0)
ct = np.array([306])
adv_img = boundary.generate(img, y)
```

It does not iterate like in the target=False setting. This is the only verbose output I got:

```
Boundary attack: 100%|██████████| 1/1 [00:09<00:00, 9.96s/it]
```

Then the attack finishes.

Am I doing something wrong?

aliotopal changed the title from "Boundary attack in target=True setting" to "Boundary attack in targeted=True setting" on Oct 10, 2024
@beat-buesser
Collaborator

Hi @aliotopal, apologies for my delayed response. What is the true label of the attacked image and what is the classification prediction of the model for that image?

@beat-buesser beat-buesser self-assigned this Oct 21, 2024
@beat-buesser beat-buesser added the question Further information is requested label Oct 21, 2024
@aliotopal
Author

Hi, the true label of the image is acorn, and it is classified as acorn by the classification prediction of the model.

@aliotopal
Author

When it is untargeted, we can see that it iterates until 5000 iterations, but when it is targeted, it stops in the first iterations, as shown in the verbose output: `Boundary attack: 100%|██████████| 1/1 [00:09<00:00, 9.96s/it]`

@aliotopal
Author

And the generated adversarial image is not adversarial; it still has the true label for the model we attacked.

@beat-buesser
Collaborator

@aliotopal Sorry for the delay. Are the true label and the target label identical for these samples?
