https://github.com/harry24k/fgsm-pytorch

A pytorch implementation of "Explaining and harnessing adversarial examples"
https://github.com/harry24k/fgsm-pytorch

adversarial-attacks deep-learning pytorch

Last synced: about 1 year ago
JSON representation

A pytorch implementation of "Explaining and harnessing adversarial examples"

• Host: GitHub
• URL: https://github.com/harry24k/fgsm-pytorch
• Owner: Harry24k
• License: mit
• Created: 2019-03-13T08:11:17.000Z (about 7 years ago)
• Default Branch: master
• Last Pushed: 2019-09-04T14:46:50.000Z (over 6 years ago)
• Last Synced: 2025-03-24T15:42:03.643Z (about 1 year ago)
• Topics: adversarial-attacks, deep-learning, pytorch
• Language: Jupyter Notebook
• Size: 698 KB
• Stars: 67
• Watchers: 1
• Forks: 16
• Open Issues: 1
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# FGSM-pytorch

**A pytorch implementation of "[Explaining and harnessing adversarial examples](https://arxiv.org/abs/1412.6572)"**

## Summary

This code is a pytorch implementation of **FGSM(Fast Gradient Sign Method).**   

In this code, I used FGSM to fool [Inception v3](https://arxiv.org/abs/1512.00567).   

The picture '[Giant Panda](http://www.image-net.org/)' is exactly the same as in the paper.   

You can add other pictures with a folder with the label name in the 'data'.   

## Requirements

* python==3.6   

* numpy==1.14.2   

* pytorch==1.0.0   

## Important results not in the code

- Mathmatical Results

   - There are some important difference between adversarial training and L1 weight decay. (p.4)

      - On logistic regression,

      - Adversarial training : the L1 penalty is subtracted off inside of the activation during training.

      - L1 weight decay : the L1 penalty is added to the training cost(=outside of the activation) during training.

- Experimental Results

   - We can use FGSM for a regularizer but it does not defend against all adversarial attack images. (p.5)

   - RBF networks are resistant to adversarial examples, but not for Linear. (p.7)

      - The author claims current methodologies all resemble the linear classifier, which is why do adversarial examples generalize

   - Alternative hypotheses(generative models with input distribution, ensembles) are not resistant to adversarial examples. (p.8)

## Notice

- This Repository won't be updated.

- Please check [the package of adversarial attacks in pytorch](https://github.com/Harry24k/adversairal-attacks-pytorch)