are eps values hard coded?

20 views
Skip to first unread message

ephi...@yahoo.com

unread,
Nov 14, 2018, 1:58:01 PM11/14/18
to cleverhans dev
Do the eps values in mnist_tutorial_picklable.py specified by fgsm_params propagate to the values shown in "def fgm" in attacks_tf.py and to the "def parse_params" in attacks.py?
Please advise. They appear hard coded however I would be helpful if I would only need to change the eps values at the tutorial level to test the sensitivity.

ephi...@yahoo.com

unread,
Nov 14, 2018, 2:15:54 PM11/14/18
to cleverhans dev
also it appears that ord=np.inf is pre-determined. please clarify.

Nicolas Papernot

unread,
Nov 14, 2018, 2:33:09 PM11/14/18
to ephi...@yahoo.com, cleverh...@googlegroups.com
You can change the value of eps (and the order of the norm) here (by adding a key to the dictionary for the order) : https://github.com/tensorflow/cleverhans/blob/master/cleverhans_tutorials/mnist_tutorial_picklable.py#L103

-N

--
You received this message because you are subscribed to the Google Groups "cleverhans dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cleverhans-de...@googlegroups.com.
To post to this group, send email to cleverh...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/cleverhans-dev/7b842453-2271-4b6f-8262-25350a4faf67%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Ian Goodfellow

unread,
Nov 14, 2018, 2:37:21 PM11/14/18
to Nicolas Papernot, ephi...@yahoo.com, cleverh...@googlegroups.com
I tried changing them from eps=.3 and ord=inf to eps=.2 and ord=2. I put "assert False, (eps, ord)" in attacks.py to make sure fgm got the right values. It looks like it works.
  File "/usr/local/google/home/goodfellow/cleverhans/cleverhans/attacks.py", line 443, in fgm
    assert False, (eps, ord)
AssertionError: (0.2, 2)

To view this discussion on the web visit https://groups.google.com/d/msgid/cleverhans-dev/CAEmUmGb4OCkoHwEu2vffumMTvjfhJ6D71V7bSkc_qfnQd-bQDQ%40mail.gmail.com.

ephi...@yahoo.com

unread,
Nov 14, 2018, 3:04:37 PM11/14/18
to cleverhans dev
Just to be clear, I only need to modify mnist_tutorial_picklable.py#L103 to change eps values (and not anywhere deeper in the codes)?


On Wednesday, November 14, 2018 at 2:33:09 PM UTC-5, Nicolas Papernot wrote:
You can change the value of eps (and the order of the norm) here (by adding a key to the dictionary for the order) : https://github.com/tensorflow/cleverhans/blob/master/cleverhans_tutorials/mnist_tutorial_picklable.py#L103

-N

On Wed, Nov 14, 2018 at 11:15 AM 'ephi...@yahoo.com' via cleverhans dev <cleverhans-dev@googlegroups.com> wrote:
also it appears that ord=np.inf is pre-determined. please clarify.

On Wednesday, November 14, 2018 at 1:58:01 PM UTC-5, ephi...@yahoo.com wrote:
Do the eps values in mnist_tutorial_picklable.py specified by fgsm_params propagate to the values shown in "def fgm" in attacks_tf.py and to the "def parse_params" in attacks.py?
Please advise. They appear hard coded however I would be helpful if I would only need to change the eps values at the tutorial level to test the sensitivity.

--
You received this message because you are subscribed to the Google Groups "cleverhans dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cleverhans-dev+unsubscribe@googlegroups.com.
To post to this group, send email to cleverhans-dev@googlegroups.com.

Ian Goodfellow

unread,
Nov 14, 2018, 3:11:19 PM11/14/18
to ephi...@yahoo.com, cleverh...@googlegroups.com

On Wed, Nov 14, 2018 at 12:04 PM 'ephi...@yahoo.com' via cleverhans dev <cleverh...@googlegroups.com> wrote:
Just to be clear, I only need to modify mnist_tutorial_picklable.py#L103 to change eps values (and not anywhere deeper in the codes)?

On Wednesday, November 14, 2018 at 2:33:09 PM UTC-5, Nicolas Papernot wrote:
You can change the value of eps (and the order of the norm) here (by adding a key to the dictionary for the order) : https://github.com/tensorflow/cleverhans/blob/master/cleverhans_tutorials/mnist_tutorial_picklable.py#L103

-N

On Wed, Nov 14, 2018 at 11:15 AM 'ephi...@yahoo.com' via cleverhans dev <cleverh...@googlegroups.com> wrote:
also it appears that ord=np.inf is pre-determined. please clarify.

On Wednesday, November 14, 2018 at 1:58:01 PM UTC-5, ephi...@yahoo.com wrote:
Do the eps values in mnist_tutorial_picklable.py specified by fgsm_params propagate to the values shown in "def fgm" in attacks_tf.py and to the "def parse_params" in attacks.py?
Please advise. They appear hard coded however I would be helpful if I would only need to change the eps values at the tutorial level to test the sensitivity.

--
You received this message because you are subscribed to the Google Groups "cleverhans dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cleverhans-de...@googlegroups.com.
To post to this group, send email to cleverh...@googlegroups.com.

--
You received this message because you are subscribed to the Google Groups "cleverhans dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cleverhans-de...@googlegroups.com.
To post to this group, send email to cleverh...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/cleverhans-dev/5064b26a-c941-4150-b3f3-a31988a2d08a%40googlegroups.com.

ephi...@yahoo.com

unread,
Nov 14, 2018, 4:37:09 PM11/14/18
to cleverhans dev

adv_plane_eps_pt_2.png

Terrific. Thank you. I am saving images affected by the FGM for eps = 0.1 thru 0.8 for both mnist and cifar10. Based on your tutorial codes I constructed a working cifar10 picklable and cifar10 evaluate code. I am noticing that even the eps=0.2 case causes a significant degradation of the adv image. I initially thought that the differences in the adversarial examples were not necessarily noticeable. Any comment that you may offer would be helpful. Best, Arnold


On Wednesday, November 14, 2018 at 3:11:19 PM UTC-5, Ian Goodfellow wrote:
On Wed, Nov 14, 2018 at 12:04 PM 'ephi...@yahoo.com' via cleverhans dev <cleverhans-dev@googlegroups.com> wrote:
Just to be clear, I only need to modify mnist_tutorial_picklable.py#L103 to change eps values (and not anywhere deeper in the codes)?

On Wednesday, November 14, 2018 at 2:33:09 PM UTC-5, Nicolas Papernot wrote:
You can change the value of eps (and the order of the norm) here (by adding a key to the dictionary for the order) : https://github.com/tensorflow/cleverhans/blob/master/cleverhans_tutorials/mnist_tutorial_picklable.py#L103

-N

On Wed, Nov 14, 2018 at 11:15 AM 'ephi...@yahoo.com' via cleverhans dev <cleverhans-dev@googlegroups.com> wrote:
also it appears that ord=np.inf is pre-determined. please clarify.

On Wednesday, November 14, 2018 at 1:58:01 PM UTC-5, ephi...@yahoo.com wrote:
Do the eps values in mnist_tutorial_picklable.py specified by fgsm_params propagate to the values shown in "def fgm" in attacks_tf.py and to the "def parse_params" in attacks.py?
Please advise. They appear hard coded however I would be helpful if I would only need to change the eps values at the tutorial level to test the sensitivity.

--
You received this message because you are subscribed to the Google Groups "cleverhans dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cleverhans-dev+unsubscribe@googlegroups.com.
To post to this group, send email to cleverhans-dev@googlegroups.com.

--
You received this message because you are subscribed to the Google Groups "cleverhans dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cleverhans-dev+unsubscribe@googlegroups.com.
To post to this group, send email to cleverhans-dev@googlegroups.com.

Ian Goodfellow

unread,
Nov 14, 2018, 7:45:37 PM11/14/18
to ephi...@yahoo.com, cleverh...@googlegroups.com
0.2 is really big.
1) Make sure you know what scale your data lies on. Are your pixels in the interval [0, 1]? [-1, 1]? [0.5, 0.5]? [-standard dev, standard dev]? Those are all going to put eps on different scales.
2) This is what eps=.2 looks like for data in [0, 1]: https://imgur.com/a/kul6yQc   (This is just using random signs, not running the FGSM on an actual model)
3) This is what eps=8/255~=.03 looks like: https://imgur.com/a/AUTjnX3
For smaller eps you probably need a stronger attack than FGSM to get a high error rate.


On Wed, Nov 14, 2018 at 1:37 PM 'ephi...@yahoo.com' via cleverhans dev <cleverh...@googlegroups.com> wrote:

adv_plane_eps_pt_2.png

Terrific. Thank you. I am saving images affected by the FGM for eps = 0.1 thru 0.8 for both mnist and cifar10. Based on your tutorial codes I constructed a working cifar10 picklable and cifar10 evaluate code. I am noticing that even the eps=0.2 case causes a significant degradation of the adv image. I initially thought that the differences in the adversarial examples were not necessarily noticeable. Any comment that you may offer would be helpful. Best, Arnold

On Wednesday, November 14, 2018 at 3:11:19 PM UTC-5, Ian Goodfellow wrote:
On Wed, Nov 14, 2018 at 12:04 PM 'ephi...@yahoo.com' via cleverhans dev <cleverh...@googlegroups.com> wrote:
Just to be clear, I only need to modify mnist_tutorial_picklable.py#L103 to change eps values (and not anywhere deeper in the codes)?

On Wednesday, November 14, 2018 at 2:33:09 PM UTC-5, Nicolas Papernot wrote:
You can change the value of eps (and the order of the norm) here (by adding a key to the dictionary for the order) : https://github.com/tensorflow/cleverhans/blob/master/cleverhans_tutorials/mnist_tutorial_picklable.py#L103

-N

On Wed, Nov 14, 2018 at 11:15 AM 'ephi...@yahoo.com' via cleverhans dev <cleverh...@googlegroups.com> wrote:
also it appears that ord=np.inf is pre-determined. please clarify.

On Wednesday, November 14, 2018 at 1:58:01 PM UTC-5, ephi...@yahoo.com wrote:
Do the eps values in mnist_tutorial_picklable.py specified by fgsm_params propagate to the values shown in "def fgm" in attacks_tf.py and to the "def parse_params" in attacks.py?
Please advise. They appear hard coded however I would be helpful if I would only need to change the eps values at the tutorial level to test the sensitivity.

--
You received this message because you are subscribed to the Google Groups "cleverhans dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cleverhans-de...@googlegroups.com.
To post to this group, send email to cleverh...@googlegroups.com.

--
You received this message because you are subscribed to the Google Groups "cleverhans dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cleverhans-de...@googlegroups.com.
To post to this group, send email to cleverh...@googlegroups.com.

--
You received this message because you are subscribed to the Google Groups "cleverhans dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cleverhans-de...@googlegroups.com.
To post to this group, send email to cleverh...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/cleverhans-dev/b04da416-62e3-4d25-9685-7c37116f8f42%40googlegroups.com.

ephi...@yahoo.com

unread,
Nov 15, 2018, 4:07:57 PM11/15/18
to cleverhans dev

adv_7_p2.png "7" (eps = 0.2)

Thanks for your reply. I see that my pixels are in the range [0, 1]. what scale should I use for eps values, e.g., 0.1 to 0.9? Also, here is my code for saving the MNIST images in evaluate_pickled_model.py. Have I done this correctly?
  # Evaluate the accuracy of the MNIST model on adversarial examples
  do_eval(preds, x_test, y_test, 'train_clean_train_clean_eval', False)
  do_eval(preds_adv, x_test, y_test, 'clean_train_adv_eval', True)
  # my addition
  x_sample = x_test.reshape(10000, 28, 28)
  adv_x_sample = adv_x.eval(session=sess, feed_dict={x: x_test})  
  np.save('legitx.npy',x_sample)
  np.save('adv-x-p2.npy',adv_x_sample)




On Wednesday, November 14, 2018 at 7:45:37 PM UTC-5, Ian Goodfellow wrote:
0.2 is really big.
1) Make sure you know what scale your data lies on. Are your pixels in the interval [0, 1]? [-1, 1]? [0.5, 0.5]? [-standard dev, standard dev]? Those are all going to put eps on different scales.
2) This is what eps=.2 looks like for data in [0, 1]: https://imgur.com/a/kul6yQc   (This is just using random signs, not running the FGSM on an actual model)
3) This is what eps=8/255~=.03 looks like: https://imgur.com/a/AUTjnX3
For smaller eps you probably need a stronger attack than FGSM to get a high error rate.


On Wed, Nov 14, 2018 at 1:37 PM 'ephi...@yahoo.com' via cleverhans dev <cleverhans-dev@googlegroups.com> wrote:

adv_plane_eps_pt_2.png

Terrific. Thank you. I am saving images affected by the FGM for eps = 0.1 thru 0.8 for both mnist and cifar10. Based on your tutorial codes I constructed a working cifar10 picklable and cifar10 evaluate code. I am noticing that even the eps=0.2 case causes a significant degradation of the adv image. I initially thought that the differences in the adversarial examples were not necessarily noticeable. Any comment that you may offer would be helpful. Best, Arnold

On Wednesday, November 14, 2018 at 3:11:19 PM UTC-5, Ian Goodfellow wrote:
On Wed, Nov 14, 2018 at 12:04 PM 'ephi...@yahoo.com' via cleverhans dev <cleverhans-dev@googlegroups.com> wrote:
Just to be clear, I only need to modify mnist_tutorial_picklable.py#L103 to change eps values (and not anywhere deeper in the codes)?

On Wednesday, November 14, 2018 at 2:33:09 PM UTC-5, Nicolas Papernot wrote:
You can change the value of eps (and the order of the norm) here (by adding a key to the dictionary for the order) : https://github.com/tensorflow/cleverhans/blob/master/cleverhans_tutorials/mnist_tutorial_picklable.py#L103

-N

On Wed, Nov 14, 2018 at 11:15 AM 'ephi...@yahoo.com' via cleverhans dev <cleverhans-dev@googlegroups.com> wrote:
also it appears that ord=np.inf is pre-determined. please clarify.

On Wednesday, November 14, 2018 at 1:58:01 PM UTC-5, ephi...@yahoo.com wrote:
Do the eps values in mnist_tutorial_picklable.py specified by fgsm_params propagate to the values shown in "def fgm" in attacks_tf.py and to the "def parse_params" in attacks.py?
Please advise. They appear hard coded however I would be helpful if I would only need to change the eps values at the tutorial level to test the sensitivity.

--
You received this message because you are subscribed to the Google Groups "cleverhans dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cleverhans-dev+unsubscribe@googlegroups.com.
To post to this group, send email to cleverhans-dev@googlegroups.com.

--
You received this message because you are subscribed to the Google Groups "cleverhans dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cleverhans-dev+unsubscribe@googlegroups.com.
To post to this group, send email to cleverhans-dev@googlegroups.com.

--
You received this message because you are subscribed to the Google Groups "cleverhans dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cleverhans-dev+unsubscribe@googlegroups.com.
To post to this group, send email to cleverhans-dev@googlegroups.com.

Ian Goodfellow

unread,
Nov 16, 2018, 9:05:15 AM11/16/18
to ephi...@yahoo.com, cleverhans dev
Can you summarize in your own words what you think eps does? It’s hard to help you without knowing the level of detail you’re working at.

To unsubscribe from this group and stop receiving emails from it, send an email to cleverhans-de...@googlegroups.com.
To post to this group, send email to cleverh...@googlegroups.com.

--
You received this message because you are subscribed to the Google Groups "cleverhans dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cleverhans-de...@googlegroups.com.
To post to this group, send email to cleverh...@googlegroups.com.

--
You received this message because you are subscribed to the Google Groups "cleverhans dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cleverhans-de...@googlegroups.com.
To post to this group, send email to cleverh...@googlegroups.com.

--
You received this message because you are subscribed to the Google Groups "cleverhans dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cleverhans-de...@googlegroups.com.
To post to this group, send email to cleverh...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/cleverhans-dev/24198043-df97-485a-a9b2-6bd38d6e6294%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.
--
Sent from Gmail Mobile

ephi...@yahoo.com

unread,
Nov 19, 2018, 2:34:16 PM11/19/18
to cleverhans dev
From the "def fgm (....)" algorithm/code in /cleverhans/attacks_tf.py, I see that eps is a scalar multiplying the tensor "normalized_grad", where "normalized_grad" is based on the gradient of the saved CNN training loss wrt the input x. For the MNIST and CIFAR10 examples I showed earlier, perhaps the range for eps values should be reduced, e.g., [0.03, 0.3]. FYI, I only recently began the learning process for adversarial learning computational experiments. Previously, I implemented AlexNet in theano, Yolov3 in darknet, and Places hybrid 365 in keras. I appreciate your kind and helpful comments. Best, Arnold

On Friday, November 16, 2018 at 9:05:15 AM UTC-5, Ian Goodfellow wrote:
Can you summarize in your own words what you think eps does? It’s hard to help you without knowing the level of detail you’re working at.
To unsubscribe from this group and stop receiving emails from it, send an email to cleverhans-dev+unsubscribe@googlegroups.com.
To post to this group, send email to cleverhans-dev@googlegroups.com.

--
You received this message because you are subscribed to the Google Groups "cleverhans dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cleverhans-dev+unsubscribe@googlegroups.com.
To post to this group, send email to cleverhans-dev@googlegroups.com.

--
You received this message because you are subscribed to the Google Groups "cleverhans dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cleverhans-dev+unsubscribe@googlegroups.com.
To post to this group, send email to cleverhans-dev@googlegroups.com.

--
You received this message because you are subscribed to the Google Groups "cleverhans dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cleverhans-dev+unsubscribe@googlegroups.com.
To post to this group, send email to cleverhans-dev@googlegroups.com.

Ian Goodfellow

unread,
Nov 19, 2018, 2:39:52 PM11/19/18
to ephi...@yahoo.com, cleverhans dev
I'd really suggest reading the paper:

The code is documented to the point that people who have read some of the relevant papers should be able to follow it, but it's not documented to the point that it would be a smooth experience to learn the whole subject area just from reading the code.

On Mon, Nov 19, 2018 at 11:34 AM 'ephi...@yahoo.com' via cleverhans dev <cleverh...@googlegroups.com> wrote:
From the "def fgm (....)" algorithm/code in /cleverhans/attacks_tf.py, I see that eps is a scalar multiplying the tensor "normalized_grad", where "normalized_grad" is based on the gradient of the saved CNN training loss wrt the input x. For the MNIST and CIFAR10 examples I showed earlier, perhaps the range for eps values should be reduced, e.g., [0.03, 0.3]. FYI, I only recently began the learning process for adversarial learning computational experiments. Previously, I implemented AlexNet in theano, Yolov3 in darknet, and Places hybrid 365 in keras. I appreciate your kind and helpful comments. Best, Arnold

On Friday, November 16, 2018 at 9:05:15 AM UTC-5, Ian Goodfellow wrote:
Can you summarize in your own words what you think eps does? It’s hard to help you without knowing the level of detail you’re working at.
To unsubscribe from this group and stop receiving emails from it, send an email to cleverhans-de...@googlegroups.com.
To post to this group, send email to cleverh...@googlegroups.com.

--
You received this message because you are subscribed to the Google Groups "cleverhans dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cleverhans-de...@googlegroups.com.
To post to this group, send email to cleverh...@googlegroups.com.

--
You received this message because you are subscribed to the Google Groups "cleverhans dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cleverhans-de...@googlegroups.com.
To post to this group, send email to cleverh...@googlegroups.com.

--
You received this message because you are subscribed to the Google Groups "cleverhans dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cleverhans-de...@googlegroups.com.
To post to this group, send email to cleverh...@googlegroups.com.
--
Sent from Gmail Mobile

--
You received this message because you are subscribed to the Google Groups "cleverhans dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cleverhans-de...@googlegroups.com.
To post to this group, send email to cleverh...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/cleverhans-dev/698117fc-cce0-40b8-ad81-c43c5d6497ab%40googlegroups.com.

ephi...@yahoo.com

unread,
Nov 19, 2018, 4:05:46 PM11/19/18
to cleverhans dev
will do. thank you.


On Monday, November 19, 2018 at 2:39:52 PM UTC-5, Ian Goodfellow wrote:
I'd really suggest reading the paper:

The code is documented to the point that people who have read some of the relevant papers should be able to follow it, but it's not documented to the point that it would be a smooth experience to learn the whole subject area just from reading the code.

On Mon, Nov 19, 2018 at 11:34 AM 'ephi...@yahoo.com' via cleverhans dev <cleverhans-dev@googlegroups.com> wrote:
From the "def fgm (....)" algorithm/code in /cleverhans/attacks_tf.py, I see that eps is a scalar multiplying the tensor "normalized_grad", where "normalized_grad" is based on the gradient of the saved CNN training loss wrt the input x. For the MNIST and CIFAR10 examples I showed earlier, perhaps the range for eps values should be reduced, e.g., [0.03, 0.3]. FYI, I only recently began the learning process for adversarial learning computational experiments. Previously, I implemented AlexNet in theano, Yolov3 in darknet, and Places hybrid 365 in keras. I appreciate your kind and helpful comments. Best, Arnold

On Friday, November 16, 2018 at 9:05:15 AM UTC-5, Ian Goodfellow wrote:
Can you summarize in your own words what you think eps does? It’s hard to help you without knowing the level of detail you’re working at.
To unsubscribe from this group and stop receiving emails from it, send an email to cleverhans-dev+unsubscribe@googlegroups.com.
To post to this group, send email to cleverhans-dev@googlegroups.com.

--
You received this message because you are subscribed to the Google Groups "cleverhans dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cleverhans-dev+unsubscribe@googlegroups.com.
To post to this group, send email to cleverhans-dev@googlegroups.com.

--
You received this message because you are subscribed to the Google Groups "cleverhans dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cleverhans-dev+unsubscribe@googlegroups.com.
To post to this group, send email to cleverhans-dev@googlegroups.com.

--
You received this message because you are subscribed to the Google Groups "cleverhans dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cleverhans-dev+unsubscribe@googlegroups.com.
To post to this group, send email to cleverhans-dev@googlegroups.com.
--
Sent from Gmail Mobile

--
You received this message because you are subscribed to the Google Groups "cleverhans dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cleverhans-dev+unsubscribe@googlegroups.com.
To post to this group, send email to cleverhans-dev@googlegroups.com.
Reply all
Reply to author
Forward
0 new messages