pylint E0401:unable to import 'keras.utils' unable to import networks.capsulenet.capsule_net when i uesed ''python attack.py --model densenet capsnet'',the above problems appeared,Who can help me t how to solve it?tanks a lot

File "helper.py", line 32 x_pos, y_pos, *rgb = pixel ^ SyntaxError: invalid syntax I met this problem while running the "imports" of "1_one-pixel-attack-cifar10", with both python2 and python3.

Hello, after running attack.py, the pkl file is saved. I would like to ask how to display the image after the attack? Attack is to perturb a single pixel. Has the value of other pixels in the image changed? Thank you and look forward to your reply.

Hello, I would like to ask why CIFAR-10 was not pre-processed in your code, while the image of ImageNet was pre-processed? In addition, does the adversarial examples need to be pre-processed (such as normalization) before being fed into the model for reclassification?

Hello everyone,

I am trying to fool the entire cifar10 data-set by using the one-pixel attack and download it for a project. As I do not know how the attack function has been made, I will be glad to get help from someone. I noticed that I can only fool one image per iteration. What I would do is to fool many image then download them.

Best regards

Hey, @Hyperparticle.

Such a nice collection of materials, thank you!

I tried extending the CIFAR10 example to do some comparisons. It appears to me that for the kind of computational budget you followed, it's pretty hard to get a successful attack even on a small CNN (15722 learnable parameters).

Here's my notebook that does the comparison - https://colab.research.google.com/drive/1TKxtY63dqcuWAvrrDaDx3PQ3M7_xntQr?usp=sharing.

Am I missing out on something? One of the things I have changed is I have scaled the pixel values to be in the range of [0, 1]. Any help is much appreciated. Thanks!

There is a argument，targeted，in the attack.py .

parser.add_argument('--targeted', action='store_false', help='Set this switch to test for targeted attacks.')

Please tell me,if the action = 'store_false',the attack is targeted or not? Thank u for answering my issue.

Function attack_success takes argument img which is an id of the image in the dataset. Wouldn't it be clearer if this variable is called img_id or something like this? Or we could pass the whole image from the dataset instead.

When I run python train.py --model resnet --epochs 200 --batch_size 128 It occurs an error:

Traceback (most recent call last): File "train.py", line 40, in model.train() File "/home/cvers/zgz/one-pixel-attack-keras-master/networks/resnet.py", line 162, in train self.param_count = self._model.count_params() AttributeError: 'ResNet' object has no attribute '_model' Exception ignored in: <bound method BaseSession.del of <tensorflow.python.client.session.Session object at 0x7f9c07081be0>> Traceback (most recent call last): File "/home/cvers/anaconda3/envs/tensorflow/lib/python3.5/site-packages/tensorflow/python/client/session.py", line 701, in del TypeError: 'NoneType' object is not callable

I try to use the gpu in the one-pixel attack for imagenet, because the model run on imagenet is too slow, but I use os.environ["CUDA_VISIBLE_DEVICES"] seems did not work, can you give some help. Thanks so much !

I guess y_test[img, 0] in attack_all() is a buggy line because img is not a valid variable in attack_all(). I guess the intended line was y_test[img_id, 0]?

It seems like imports are broken, which version of tensorflow/keras has been used?

ImportError: cannot import name 'Adam' from 'keras.optimizers'

in line from networks.pure_cnn import PureCnn

I trained the transformer architecture in the below github repo: https://github.com/keras-team/keras-io/blob/master/examples/vision/image_classification_with_vision_transformer.py

I also have a .h5 file of the saved model added to the networks/models

How do I try the attack on it?

Thanks

The paper, Attacking Convolutional Neural Network using Differential Evolution, explains how to tweak the one pixel attack to produce adversarial images that minimize the amount of perturbation in an image. It would be nice to incorporate these changes.

There are some preliminary results of the one-pixel attack performed on Cifar10 in the repo, but it is not quite as comprehensive as seen in https://arxiv.org/abs/1710.08864. It would be nice to not only replicate the experiments but also match (or surpass) their metrics.

Similar to 1_one-pixel-attack-cifar10.ipynb, perform a series of targeted/targeted adversarial attacks using differential evolution and collect results. This is a continuation of #3.