Madry Challenge C&W attack (name scopes)


Yash Sharma

Oct 6, 2017, 7:25:02 PM
to cleverhans dev
Can the Cleverhans wrapper for the Madry challenge be used with the C&W attack? The C&W attack uses tf variables, so the fact that the Madry model can't be put in a scope means that when running saver.restore, the saver will also attempt to restore the variables in the C&W attack.

Is there any way around this? I understand why the Madry model can't be wrapped in a scope, but given that, I don't know how to make sure the C&W attack variables aren't restored.

I don't think this issue is unique to Cleverhans, but is an issue with the Madry challenge in general. Any ideas?

Nicholas Carlini

Oct 6, 2017, 7:29:15 PM
to Yash Sharma, cleverhans dev
This is one of those things that tensorflow makes difficult,
with the save/restore functionality. You can handle this by
selectively restoring variables by passing those in to the
constructor. Maybe someone can put together a PR that
does this for the challenge to only restore the variables
used in the model.


Nicholas

Ian Goodfellow

Jan 12, 2018, 6:55:50 PM
to cleverhans dev, Nicholas Carlini, Fartash Faghri, Yash Sharma
If anyone wants to work on this, let me know and I'll send you
Fartash's code from the Google repo

On Mon, Oct 9, 2017 at 1:35 PM, Fartash Faghri <fartash...@gmail.com> wrote:
> Hi Ian,
>
> I had a code which I pushed to g3 experimental but not github that solves
> this issue. The file load_madry.py in three_softmax/ simply assigns values
> only to the tensors of Madry's model. If someone wanted to make a PR, they
> can start from that code.
>
> Fartash
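An added example of the approach Nicholas suggests above (and that Fartash's load_madry.py achieves by assigning values directly): build the Saver from an explicit var_list containing only the variables the checkpoint actually holds, so the C&W attack's own variables are skipped rather than looked up in the checkpoint. This is not code from the thread, cleverhans, or the challenge; it assumes TF 1.x-style graph code via tf.compat.v1 and a checkpoint path supplied by the caller.

```python
from collections import namedtuple

# Constructed stand-in for a tf.Variable; only .name and .shape are used.
FakeVar = namedtuple("FakeVar", ["name", "shape"])


def checkpoint_name(var):
    """tf.Variable.name looks like 'scope/w:0'; checkpoint keys drop the ':0'."""
    return var.name.split(":")[0]


def shape_list(var):
    """Normalise a TensorShape or a plain list to a list of ints."""
    shape = var.shape
    return shape.as_list() if hasattr(shape, "as_list") else list(shape)


def select_restorable(graph_vars, ckpt_shapes):
    """Return (var_list, skipped).

    var_list maps checkpoint key -> graph variable for every variable whose
    name and shape match an entry in ckpt_shapes (the dict returned by
    tf.train.NewCheckpointReader(path).get_variable_to_shape_map()).
    skipped lists the variable names left out, e.g. those the attack created.
    """
    var_list, skipped = {}, []
    for var in graph_vars:
        key = checkpoint_name(var)
        if key in ckpt_shapes and list(ckpt_shapes[key]) == shape_list(var):
            var_list[key] = var
        else:
            skipped.append(var.name)
    return var_list, skipped


def make_model_saver(ckpt_path):
    """Build a Saver that restores only the Madry model's variables."""
    # Imported here so select_restorable stays importable without TensorFlow.
    import tensorflow.compat.v1 as tf
    reader = tf.train.NewCheckpointReader(ckpt_path)
    var_list, skipped = select_restorable(tf.global_variables(),
                                          reader.get_variable_to_shape_map())
    for name in skipped:
        print("not restoring:", name)  # the C&W attack's variables land here
    return tf.train.Saver(var_list=var_list)
```

Call make_model_saver(path).restore(sess, path) after the attack graph has been built; because the saver only knows the model's variables, the attack's variables are left untouched.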

Angus Galloway

May 15, 2018, 11:54:42 AM
to cleverhans dev
I have been using the WideResNet from the Madry CIFAR-10 challenge with the CleverHans model class and so far all attacks work fine (e.g., PGD, CWL2) and do not interfere with loading the pre-trained public/secret checkpoints. My current implementation is here: https://github.com/uoguelph-mlrg/adversarial_training_vs_weight_decay/blob/master/cifar10/MadryLab/cleverhans_model.py

I'm willing to tidy this up and submit a PR if there's interest, but it would require some input as to how this fits within the existing framework without creating another tutorial to maintain. I think this would be a nice complement to the vanilla CNN and accelerate the community's understanding of the limitations of the "PGD + high capacity" defense. The original code is quite slow, as perturbations are computed on the CPU with numpy, and is geared toward black-box attack submissions.

Nicolas Papernot

May 17, 2018, 5:13:32 PM
to Angus Galloway, cleverhans dev
This sounds like it would be a great addition to the examples folder. There is already a folder there that wraps the challenge code to the CleverHans model, but you may have code that can help improve it.
