New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Some question about computing the adversarial saliency map in JSMA attack #2306
Comments
Hi @HIT1180300227 I think this implementation of JSMA is neglecting the additional terms on gradients towards classes other than the target class. Have you been able to use the attack successfully? |
Hi @beat-buesser , I use JSMA method in ids(intrusion detection system) field.Specifically, I use the targeted JSMA method on the statistical feature vectors as follows:
Before using jsma attack,I can get 90% classification accuracy.After using this attack method, the classification accuracy will be reduced to 20%. It seems that although the implementation of this attack method is not consistent with the original paper, it can still successfully confuse the classification model. Why does the jsma attack still work? |
Hi @HIT1180300227 I think it still works because the main component of the gradients is the same, e.g. the direction in which the current classes' logit value decreases. The paper is more accurate by requiring additional terms for updates to this direction to make sure the other logins are not increasing. It looks that for many applications these additional therms might be small/negligible, but it would be more complicated to implement. |
Hi,
When using JSMA method, I found that the implementation of adversarial saliency map of this toolbox is slightly different from the original paper:
In this toolbox, corresponding implementation in saliency_map.py looks like this:
I notice that ind is selected directly from grads
But in original paper, adversarial saliency map is computed like this :
or heuristic equation like this:
I'm confused about this difference.
The text was updated successfully, but these errors were encountered: