Preprocessing as a step to attacks


AkashGanesan

Oct 25, 2018, 1:25:18 PM
to cleverhans dev
Hi,

I was wondering if we can have hooks that will allow us to preprocess the adversarial patterns generated before running the inference. I do know that blur filtering helps in defending against FGSM though it fails against C&W attacks (https://arxiv.org/abs/1612.07767), and I was wondering if we can actually take advantage of a myriad of image processing/de-noising procedures. If we don't have something like that, I'd be happy to contribute to that.

Thank you.

Akash G

Ian Goodfellow

Oct 25, 2018, 6:52:10 PM
to akab...@gmail.com, cleverh...@googlegroups.com
The easiest way to do this is to just put it in Model.fprop.

You can write Models that wrap other Models and add preprocessing.

Here's an example that does test-time data augmentation with multiple crops and flips:

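import tensorflow as tf
from tensorflow.python.framework import function

from cleverhans.model import Model


class Augmentor(Model):
  """Wraps another Model and averages its logits over crops and flips."""

  def __init__(self, raw):
    self.raw = raw

  def get_params(self):
    return self.raw.get_params()

  def fprop(self, x):
    mode = "REFLECT"
    assert mode in 'REFLECT SYMMETRIC CONSTANT'.split()
    pad = [2, 2]

    # Pad each image in height and width so shifted crops keep the input size.
    def _pad(img):
      return tf.pad(img, [[pad[0], pad[0]], [pad[1], pad[1]], [0, 0]], mode)
    xp = tf.map_fn(_pad, x)
    xs = []
    # Collect every shifted crop together with its left-right flip.
    for i in range(pad[0] * 2):
      for j in range(pad[1] * 2):
        xs.append(tf.slice(xp, [0, i, j, 0], tf.shape(x)))
        with tf.device("/CPU:0"):
          xs.append(tf.image.flip_left_right(xs[-1]))

    # Run the wrapped model on one augmented batch.
    @function.Defun(tf.float32)
    def f(xarg):
      xarg.set_shape(x.get_shape())
      return self.raw.get_logits(xarg)

    # Average the logits over all augmented views.
    logits = [f(e) for e in xs]
    logits = tf.add_n(logits) / len(logits)
    return {'logits': logits}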
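
The wrapping pattern from the reply above, applied to the blur preprocessing raised in the question, as an added example that is not part of the thread or of cleverhans. It uses plain Python lists instead of TensorFlow tensors; `mean_blur`, `LinearModel`, `Preprocessed` and `logit_shift` are hypothetical names, and the image data is constructed.

```python
def mean_blur(img, k=3):
    """k x k mean filter with edge replication over a 2-D list of floats."""
    h, w, r = len(img), len(img[0]), k // 2
    def at(i, j):
        return img[min(max(i, 0), h - 1)][min(max(j, 0), w - 1)]
    offsets = range(-r, r + 1)
    return [[sum(at(i + di, j + dj) for di in offsets for dj in offsets) / (k * k)
             for j in range(w)] for i in range(h)]


class LinearModel:
    """Hypothetical stand-in for the raw model: one logit per weight map."""
    def __init__(self, weight_maps):
        self.weight_maps = weight_maps

    def get_params(self):
        return self.weight_maps

    def fprop(self, x):
        logits = [sum(w * p for w_row, x_row in zip(wm, x)
                      for w, p in zip(w_row, x_row)) for wm in self.weight_maps]
        return {'logits': logits}


class Preprocessed:
    """Wraps a model and applies `preprocess` to the input inside fprop."""
    def __init__(self, raw, preprocess):
        self.raw, self.preprocess = raw, preprocess

    def get_params(self):
        return self.raw.get_params()

    def fprop(self, x):
        # The preprocessing is part of the model: every caller of fprop sees it.
        return self.raw.fprop(self.preprocess(x))


def logit_shift(model, clean, perturbed):
    """Absolute change in the first logit between clean and perturbed input."""
    before = model.fprop(clean)['logits'][0]
    return abs(model.fprop(perturbed)['logits'][0] - before)


# Constructed sample data: a flat 4x4 image plus EPS * sign(weights), which is
# the FGSM-style step for this linear model (its gradient is the weight map).
EPS = 0.1
SIGN = [[1.0 if (i + j) % 2 == 0 else -1.0 for j in range(4)] for i in range(4)]
CLEAN = [[0.5] * 4 for _ in range(4)]
PERTURBED = [[c + EPS * s for c, s in zip(cr, sr)] for cr, sr in zip(CLEAN, SIGN)]
RAW = LinearModel([SIGN])  # worst case: weights aligned with the perturbation
DEFENDED = Preprocessed(RAW, mean_blur)
```

On this data the raw model's logit moves by 1.6 while the wrapped model's logit does not move. The exact cancellation is specific to the constructed checkerboard pattern and says nothing about stronger attacks such as the C&W case mentioned in the question.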
