Ensemble Attacks

[Yash Sharma]

I think I've brought this up before, but should I push a modification where Cleverhans naturally handles ensemble attacks? 

I've made a modification just for my own research purposes. I simply modify the attack interface by having arg model except a list of models instead of just a single model, use the list of models to compute a list of predictions, and then avg the losses before taking the gradient. 

Do you think the API and the individual attacks should be modified to handle ensemble attacks. If so, does the above way work, or is a different implementation desired? 

[Yash Sharma]

*expect, sorry about that. 

--
You received this message because you are subscribed to a topic in the Google Groups "cleverhans dev" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/cleverhans-dev/CPD0GUJL9wQ/unsubscribe.
To unsubscribe from this group and all its topics, send an email to cleverhans-dev+unsubscribe@googlegroups.com.
To post to this group, send email to cleverhans-dev@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/cleverhans-dev/482433a2-c197-4582-b2ab-111bae271ac3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Nicolas Papernot]

I guess currently you have to loop through the different models outside the library and make a list of models and attack objects, etc? Is this right?

As long as the list argument is a list of CleverHans model instances, it should be fairly low overhead to add this feature to the attacks. If we do decide to implement it, it would be nice to implement it as a method of the `Attacks` class so individual attack authors inherit it and don't have the overhead of writing this code when merging into CleverHans.

On Thu, Jul 19, 2018 at 2:55 AM Yash Sharma <yshar...@gmail.com> wrote:

*expect, sorry about that. 

On Wed, Jul 18, 2018 at 8:48 PM, Yash Sharma <yshar...@gmail.com> wrote:

I think I've brought this up before, but should I push a modification where Cleverhans naturally handles ensemble attacks? 

I've made a modification just for my own research purposes. I simply modify the attack interface by having arg model except a list of models instead of just a single model, use the list of models to compute a list of predictions, and then avg the losses before taking the gradient. 

Do you think the API and the individual attacks should be modified to handle ensemble attacks. If so, does the above way work, or is a different implementation desired? 

--
You received this message because you are subscribed to a topic in the Google Groups "cleverhans dev" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/cleverhans-dev/CPD0GUJL9wQ/unsubscribe.

To unsubscribe from this group and all its topics, send an email to cleverhans-de...@googlegroups.com.

To post to this group, send email to cleverh...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/cleverhans-dev/482433a2-c197-4582-b2ab-111bae271ac3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "cleverhans dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cleverhans-de...@googlegroups.com.
To post to this group, send email to cleverh...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/cleverhans-dev/CALbSnamXmM-aeBawpMjBBWPG-LLRu8GOQbsM3OOFaxLSNY8kRQ%40mail.gmail.com.

[Yash Sharma]

I'm not sure what you mean. Instead of passing a single model to the attack object, I pass a list of models. The first modification to each attack class is as model is a list now, in __init__, loop through all of the models and apply the CallableModelWrapper if need be. Then, on generate, 'get_or_guess_labels' using model[0] (as at minimum the user would like to attack at least one model, so model[0] will always exist). Also, when model.get_probs/logits() is called, generate a list of preds, obtain the loss for each of the preds, and average the losses. 

I can issue a pull request for my current implementation if you'd like. This does require each and every attack class to be modified, to handle the model list. In addition, I currently require the user to pass a list of models to the attack object, as passing a single model can be done by passing a 1-element list, and handling input to the 'model' arg as both a model object and a list of models adds complexity. 

I don't want to change the API, requiring the user to pass a list of models to the desired attack object, but I'm not sure how else would be best. Would this change be ok, or is there an alternative you'd vouch for?

On Thu, Jul 19, 2018 at 3:26 AM, Nicolas Papernot <nic...@papernot.fr> wrote:

I guess currently you have to loop through the different models outside the library and make a list of models and attack objects, etc? Is this right?

As long as the list argument is a list of CleverHans model instances, it should be fairly low overhead to add this feature to the attacks. If we do decide to implement it, it would be nice to implement it as a method of the `Attacks` class so individual attack authors inherit it and don't have the overhead of writing this code when merging into CleverHans.

On Thu, Jul 19, 2018 at 2:55 AM Yash Sharma <yshar...@gmail.com> wrote:

*expect, sorry about that. 

On Wed, Jul 18, 2018 at 8:48 PM, Yash Sharma <yshar...@gmail.com> wrote:

I think I've brought this up before, but should I push a modification where Cleverhans naturally handles ensemble attacks? 

I've made a modification just for my own research purposes. I simply modify the attack interface by having arg model except a list of models instead of just a single model, use the list of models to compute a list of predictions, and then avg the losses before taking the gradient. 

Do you think the API and the individual attacks should be modified to handle ensemble attacks. If so, does the above way work, or is a different implementation desired? 

--
You received this message because you are subscribed to a topic in the Google Groups "cleverhans dev" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/cleverhans-dev/CPD0GUJL9wQ/unsubscribe.

To unsubscribe from this group and all its topics, send an email to cleverhans-dev+unsubscribe@googlegroups.com.

To post to this group, send email to cleverhans-dev@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/cleverhans-dev/482433a2-c197-4582-b2ab-111bae271ac3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

You received this message because you are subscribed to the Google Groups "cleverhans dev" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cleverhans-dev+unsubscribe@googlegroups.com.
To post to this group, send email to cleverhans-dev@googlegroups.com.

[Ian Goodfellow]

Why not leave the Attack API unchanged, and make something like

class Ensemble(Model):

    def __init__(self, members):

        self.members = members

    def get_logits(self, x):

        return sum(member.get_logits(x) for member in self.members) / len(self.members)

?

Then you could pass an Ensemble to any existing Attack without having to change the Attacks to specifically support ensembles.

On Thu, Jul 19, 2018 at 12:41 AM Yash Sharma <yshar...@gmail.com> wrote:

I'm not sure what you mean. Instead of passing a single model to the attack object, I pass a list of models. The first modification to each attack class is as model is a list now, in __init__, loop through all of the models and apply the CallableModelWrapper if need be. Then, on generate, 'get_or_guess_labels' using model[0] (as at minimum the user would like to attack at least one model, so model[0] will always exist). Also, when model.get_probs/logits() is called, generate a list of preds, obtain the loss for each of the preds, and average the losses. 

I can issue a pull request for my current implementation if you'd like. This does require each and every attack class to be modified, to handle the model list. In addition, I currently require the user to pass a list of models to the attack object, as passing a single model can be done by passing a 1-element list, and handling input to the 'model' arg as both a model object and a list of models adds complexity. 

I don't want to change the API, requiring the user to pass a list of models to the desired attack object, but I'm not sure how else would be best. Would this change be ok, or is there an alternative you'd vouch for?

On Thu, Jul 19, 2018 at 3:26 AM, Nicolas Papernot <nic...@papernot.fr> wrote:

I guess currently you have to loop through the different models outside the library and make a list of models and attack objects, etc? Is this right?

As long as the list argument is a list of CleverHans model instances, it should be fairly low overhead to add this feature to the attacks. If we do decide to implement it, it would be nice to implement it as a method of the `Attacks` class so individual attack authors inherit it and don't have the overhead of writing this code when merging into CleverHans.

On Thu, Jul 19, 2018 at 2:55 AM Yash Sharma <yshar...@gmail.com> wrote:

*expect, sorry about that. 

On Wed, Jul 18, 2018 at 8:48 PM, Yash Sharma <yshar...@gmail.com> wrote:

I think I've brought this up before, but should I push a modification where Cleverhans naturally handles ensemble attacks? 

I've made a modification just for my own research purposes. I simply modify the attack interface by having arg model except a list of models instead of just a single model, use the list of models to compute a list of predictions, and then avg the losses before taking the gradient. 

Do you think the API and the individual attacks should be modified to handle ensemble attacks. If so, does the above way work, or is a different implementation desired? 

--
You received this message because you are subscribed to a topic in the Google Groups "cleverhans dev" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/cleverhans-dev/CPD0GUJL9wQ/unsubscribe.

To unsubscribe from this group and all its topics, send an email to cleverhans-de...@googlegroups.com.

To post to this group, send email to cleverh...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/cleverhans-dev/482433a2-c197-4582-b2ab-111bae271ac3%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

You received this message because you are subscribed to the Google Groups "cleverhans dev" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cleverhans-de...@googlegroups.com.
To post to this group, send email to cleverh...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/cleverhans-dev/CALbSnamXmM-aeBawpMjBBWPG-LLRu8GOQbsM3OOFaxLSNY8kRQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "cleverhans dev" group.

To unsubscribe from this group and stop receiving emails from it, send an email to cleverhans-de...@googlegroups.com.
To post to this group, send email to cleverh...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/cleverhans-dev/CALbSnamaUQei3NbouORCyZ5Y1b577VhbpkKiFrVTbvNpQizsnw%40mail.gmail.com.

[Yash Sharma]

Sure! That's different than calculating the losses for each model and averaging, but still works. I'll implement when I get the chance.