Attack accuracy discrepancy between default and custom models. #1355
Hello, I am trying to use ART to evaluate the robustness of some techniques against attacks, using PyTorch. These techniques require me to make very low-level changes (e.g., how floating point operations are performed). I started with the get_started_pytorch.py program and created a new model, where I changed just the final 2 linear layers. I used the linear layer code given by PyTorch here. Specifically, the 'Extending torch.autograd' and 'Extending torch.nn' sections right at the top. I am creating two classifiers to train them separately: 'Default', which is the baseline code given in the ART example, and 'custom', where I change the linear layers as follows:
For now, I am performing the exact same operations in both. The classification accuracy is identical between the default and custom models. When I swap the inputs, the accuracies move with the inputs. So: So it seems that performing the attack using the custom model leads to the difference. Is there something else I need to do with this model to make it work with ART the same as the default model does?
Replies: 1 comment 7 replies
Hi @KarthikGanesan88, this sounds like an interesting experiment! I would have a few questions to get a better understanding. Could you please describe the "swap the inputs" step in more detail, maybe with code (how are the samples defined, etc.)?