论文原文:DeepFool: a simple and accurate method to fool deep neural networks arXiv:1511.04599 [cs.LG]

思路

deepfool提出两种产生对抗样本的算法,二分类和多分类情况。并实验比较EOT、FGSM和deepfool三种算法的鲁棒性。

1、二分类器

  • 符号函数k^(x) = sign(f(x)) 其中 f(x) = wx + b。对样本添加扰动使得样本分类到距离最近的类。
  • r:样本到分类边界的最短距离*法线方向的单位向量

2、多分类器

  • k^(x)= fk(x),fk(x) 是向量f(x)的第k个维度,即第k个子分类器。
  • 计算样本到各个类的最小距离,取最近的一类,L为距离超平面最近的一类。

3、评估鲁棒性

通过扰动所占样本的比值来评估鲁棒性。下表为deepfool,EOT,FGSM三种算法的鲁棒性和运行时间对比


4、论文复现-多分类结果:

  • Evaluating on clean data
    loss: 0.0294 acc: 0.9900
  • Evaluating on adversarial data
    loss: 1.6897 acc: 0.1145
def _deepfool2(model, x, epochs, eta, clip_min, clip_max, min_prob):"""DeepFool二分类情况干净样本和对抗样本输出: +1/-1"""y0 = tf.stop_gradient(tf.reshape(model(x), [-1])[0])y0 = tf.to_int32(tf.greater(y0, 0.0))def _cond(i, z):xadv = tf.clip_by_value(x + z*(1+eta), clip_min, clip_max)y = tf.stop_gradient(tf.reshape(model(xadv), [-1])[0])y = tf.to_int32(tf.greater(y, 0.0))return tf.logical_and(tf.less(i, epochs), tf.equal(y0, y))def _body(i, z):xadv = tf.clip_by_value(x + z*(1+eta), clip_min, clip_max)y = tf.reshape(model(xadv), [-1])[0]g = tf.gradients(y, xadv)[0]dx = - y * g / (tf.norm(g) + 1e-10)  # 1范数:norm(1)return i+1, z+dx_, noise = tf.while_loop(_cond, _body, [0, tf.zeros_like(x)],name='_deepfool2', back_prop=False)return noise

def _deepfoolx(model, x, epochs, eta, clip_min, clip_max, min_prob):"""DeepFool多分类情况.分类到最大概率的标签."""y0 = tf.stop_gradient(model(x))y0 = tf.reshape(y0, [-1])k0 = tf.argmax(y0)ydim = y0.get_shape().as_list()[0]xdim = x.get_shape().as_list()[1:]xflat = _prod(xdim)def _cond(i, z):xadv = tf.clip_by_value(x + z*(1+eta), clip_min, clip_max)y = tf.reshape(model(xadv), [-1])p = tf.reduce_max(y)k = tf.argmax(y)return tf.logical_and(tf.less(i, epochs),tf.logical_or(tf.equal(k0, k),tf.less(p, min_prob)))def _body(i, z):xadv = tf.clip_by_value(x + z*(1+eta), clip_min, clip_max)y = tf.reshape(model(xadv), [-1])gs = [tf.reshape(tf.gradients(y[i], xadv)[0], [-1])for i in range(ydim)]g = tf.stack(gs, axis=0)yk, yo = y[k0], tf.concat((y[:k0], y[(k0+1):]), axis=0)gk, go = g[k0], tf.concat((g[:k0], g[(k0+1):]), axis=0)yo.set_shape(ydim - 1)go.set_shape([ydim - 1, xflat])a = tf.abs(yo - yk)b = go - gkc = tf.norm(b, axis=1)score = a / cind = tf.argmin(score)si, bi = score[ind], b[ind]dx = si * bidx = tf.reshape(dx, [-1] + xdim)return i+1, z+dx_, noise = tf.while_loop(_cond, _body, [0, tf.zeros_like(x)],name='_deepfoolx', back_prop=False)return noise

论文笔记--DeepFool: a simple and accurate method to fool deep neural networks相关推荐

  1. 论文那些事—DeepFool: a simple and accurate method to fool deep neural networks

    DeepFool: a simple and accurate method to fool deep neural networks 1.摘要及背景 提出Deepfool算法,对比FGSM和I-BL ...

  2. 小样本论文笔记5:Model Based - [6] One-shot learning with memory-augmented neural networks.

    小样本论文笔记5:Model Based - [6] One-shot learning with memory-augmented neural networks 文章目录 小样本论文笔记5:Mod ...

  3. 意图识别算法:噪音处理之O2U-Net: A Simple Noisy Label Detection Approach for Deep Neural Networks

    目录 问题描述 解决思路 具体过程 预训练阶段 Cyclical Training阶段 clean dataset训练阶段 实验结果 论文下载:O2U-Net: A Simple Noisy Labe ...

  4. Procedural Noise Adversarial Examples for Black-Box Attacks on Deep Neural Networks论文笔记

    Procedural Noise Adversarial Examples for Black-Box Attacks on Deep Neural Networks论文笔记 0. 概述 如今一些深度 ...

  5. [论文阅读笔记58]Learning from Noisy Labels with Deep Neural Networks:A Survey

    1.题目 Learning from Noisy Labels with Deep Neural Networks: A Survey 作者团队:韩国科学技术院(KAIST) Song H , Kim ...

  6. AlphaGo是如何炼成的:解读论文 Mastering the game of Go with deep neural networks and tree search

    这篇发表在nature 2016年1月27日上的文章题目为:"Mastering the game of Go with deep neural networks and tree sear ...

  7. 论文笔记:Domain Randomization for Transferring Deep Neural Networks from Simulation to the Real World

    Domain Randomization for Transferring Deep Neural Networks from Simulation to the Real World 文章概况 作者 ...

  8. [论文阅读笔记]Deep Neural Networks are Easily Fooled:High Confidence Predictions for Unrecognizable Images

    Deep Neural Networks are Easily Fooled:High Confidence Predictions for Unrecognizable Images(CVPR201 ...

  9. [深度学习论文笔记][Adversarial Examples] Deep Neural Networks are Easily Fooled: High Confidence Predictions

    Nguyen, Anh, Jason Yosinski, and Jeff Clune. "Deep neural networks are easily fooled: High conf ...

  10. [论文阅读] ICCV2015 Joint Fine-Tuning in Deep Neural Networks for Facial Expression Recognition

    Joint Fine-Tuning in Deep Neural Networks for Facial Expression Recognition 论文链接:https://ieeexplore. ...

最新文章

  1. Composer 篇
  2. django项目简单调取百度翻译接口
  3. Crackme006 - 全新160个CrackMe学习系列(图文|视频|注册机源码)
  4. 通过此注释改善您的JUnit体验
  5. mysql decode语句_MySQL复制问题的分析
  6. 断开式 Dgv 修改数据 winform
  7. Java并发之Condition的实现分析
  8. 深度学习——夏侯南溪关注的深度学习任务
  9. 一路风雨走过来:那些我亲密接触过的项目
  10. 啦啦外卖最新版41.9啦啦外卖41.9版本全开源
  11. TP-LINK TL-WR845N和腾达W311R怎么设置wds桥接
  12. matlab的金融分析工具,金融分析利器之 MATLAB空间计量工具箱
  13. Informer时序模型(自定义项目)
  14. 国产计算机系统哪个好,5大国产手机操作系统分析评测,你更中意谁?
  15. 保险与赌博的差异,航延险是赌博吗?
  16. python股票量化分析
  17. 347. Top K Frequent Elements
  18. VideoView播放视频的时候尺寸异常
  19. set Assigning an instance of ‘esri.***‘ which is not a subclass of ‘esri.***‘错误偶遇
  20. HTML+CSS实现炫酷的登录界面

热门文章

  1. Postgresql源码(41)plpgsql函数编译执行流程分析
  2. 用Python分析44万条数据,揭秘如何成为网易云音乐评论区的网红段子手
  3. matlab plotyy legend,Matlab如何在plotyy中设置legend可以显示四条不同的曲线描述
  4. Android仓库管理系统
  5. java 循环依赖_Java详解之Spring Bean的循环依赖解决方案
  6. 虫虫吃第一颗豆子---第一次作业
  7. Skin Pack Auto UXThemePatcher-Win8 UXTheme桌面主题破解补丁
  8. 【题解:洛谷4186||USACO18JAN Cow at Large G】
  9. 2021 部分团队的年终总结
  10. pycharm双击打不开,没有反应,下列方法亲测有用!