m53297601
/
Paddle
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '2b3ba40e6a'
${ noResults }
Paddle/adversarial/advbox/attacks/gradientsign.py

37 lines
1.3 KiB
Raw Blame History

"""
This module provide the attack method for FGSM's implement.
"""
from __future__ import division
import numpy as np
from collections import Iterable
from .base import Attack
class GradientSignAttack(Attack):
"""
This attack was originally implemented by Goodfellow et al. (2015) with the
infinity norm (and is known as the "Fast Gradient Sign Method"). This is therefore called
the Fast Gradient Method.
Paper link: https://arxiv.org/abs/1412.6572
"""
def _apply(self, image_batch, epsilons=1000):
pre_label = np.argmax(self.model.predict(image_batch))
min_, max_ = self.model.bounds()
gradient = self.model.gradient(image_batch)
gradient_sign = np.sign(gradient) * (max_ - min_)
if not isinstance(epsilons, Iterable):
epsilons = np.linspace(0, 1, num = epsilons + 1)
for epsilon in epsilons:
adv_img = image_batch[0][0].reshape(gradient_sign.shape) + epsilon * gradient_sign
adv_img = np.clip(adv_img, min_, max_)
adv_label = np.argmax(self.model.predict([(adv_img, 0)]))
#print("pre_label="+str(pre_label)+ " adv_label="+str(adv_label))
if pre_label != adv_label:
#print(epsilon, pre_label, adv_label)
return adv_img
FGSM = GradientSignAttack
Reference in new issue View Git Blame Copy Permalink