Hello,thank you very much for sharing the program.But when i run the attack.py on IncRes_V2 and Inc_v3,there is something wrong with the program.With the IncRes_V2,there is an error:ValueError: Negative dimension size caused by subtracting 5 from 3 for 'InceptionResnetV2/AuxLogits/Conv2d_2a_5x5/Conv2D' (op: 'Conv2D') with input shapes: [40,3,3,128], [5,5,128,768].And with the Inc_v3,there is an error:Tensor name "InceptionV3/AuxLogits/Conv2d_2a_3x3/BatchNorm/beta" not found in checkpoint files ./models_tf/inception_v3.ckpt [[node save/RestoreV2 (defined at attack.py:267) ]] Can you tell me what's wrong? Thank you very much!

(0) Data loss: Unable to open table file ./models_tf/ens3_adv_inception_v3/ens3_adv_inception_v3.ckpt: Data loss: not an sstable (bad magic number): perhaps your file is in a different file format and you need to use a different restore operator?

the model i use is ens3_adv_incetption_v3, Could you reply me?

Hello，Could tell me when inception-resnet-v2 as the source model，what mid layer to be attack，I set the parameter ‘InceptionResnetV2/InceptionResnetV2/Conv2d_4a_3x3/Relu’ that follows your paper Conv_4a. But the permance is lower 10% comparing the result in your paper. So what is the mid parameter when you attack inception-resnet-v2? Thx.

Thanks for sharing the code! I've tried to run attack.py on InceptionV3(using layer InceptionV3/InceptionV3/Mixed_5b/concat), InceptionV4(using layer InceptionV4/InceptionV4/Mixed_6f/concat) and Resnet_v1_50(using layer resnet_v1_50/block4/unit_3/bottleneck_v1/conv2/Relu), but got poor results, so could you please share the EXACT LAYER NAME you used to attack?

According to the published paper, the ImageNet-Compatible dataset is used to conduct experiments. By downloading the above dataset from the website in reference [1], it is strange to find that there are only 904 images can be downloaded, rather than 1000 images illustrated in the paper. Therefore, could you please validate how many images were actually used in the experimental phase? Of course, if all 1000 images were used in your experiments, could you please share these images through Google Clouds or Baidu Clouds (urls of the missed 96 images are invalid now)?

Thanks very much!

Hi, thanks for your contribution! But some problems arose during the process. The ori_acc is 1.2% or 1.3%, and the adv_suc is around 60%~70%. Is there somthing wrong?

Hi! Thanks for your contribution! But when I run the command line you mentioned in readme file "python attack.py --model_name vgg_16 --attack_method FIAPIM --layer_name vgg_16/conv3/conv3_3/Relu --ens 30 --probb 0.7 --amplification_factor 2.5 --gamma 0.5 --Pkern_size 3 --image_size 224 --image_resize 250 --prob 0.7 --output_dir ./adv/FIAPIDIM/" and "python verify.py --ori_path ./dataset/images/ --adv_path ./adv/FIAPIDIM/ --output_file ./log.csv". I got adv_acc around 70%-80% and adv_succ around 20%-30%. Is there something wrong with your defulat parameter? 在运行readme里面提到的指令时，仅仅得到20%-30%的准确率，请问是否是默认参数不小心给错了呢？还是什么其他问题？