-
-
Notifications
You must be signed in to change notification settings - Fork 422
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implement HopSkipJump attack #574
Conversation
What’s the status of this? Could you explain why this attack requires a separate attack-specific test file? |
@jonasrauber The attack is implemented and seems to work. However, the tests are still taking a lot of time (especially for the TF backend)... Regarding the attack-specific test file: this attack needs a separate test file for the same reasons the Brendel Bethge attack does: the attack uses another attack at the beginning to find the initial adversarial perturbations; next, the attack tries to minimize the perturbation while keeping it adversarial. Thus, we cannot just use the other test file that only checks whether the final result is adversarial but we have to verify that the magnitude of the perturbation was decreased to validate the attack's behavior. Does this make sense to you? |
This PR implements the
HopSkipJump
attack as described in the paper. The code is based on the reference reference implementation.There are still some test cases missing at the moment.