diff --git a/2021-guangzhou.html b/2021-guangzhou.html index 0e5d29e..6485366 100644 --- a/2021-guangzhou.html +++ b/2021-guangzhou.html @@ -81,14 +81,6 @@ - - - - - - - - diff --git a/about.html b/about.html index a56c5e4..83f0025 100644 --- a/about.html +++ b/about.html @@ -78,14 +78,6 @@ - - - - - - - - diff --git a/adversarial-robustness-01.html b/adversarial-robustness-01.html new file mode 100644 index 0000000..5f6cab9 --- /dev/null +++ b/adversarial-robustness-01.html @@ -0,0 +1,190 @@ + + + + + + + + + + + + + + + + + + + + + + + [Adversarial Robustness] 1 Introduction to adversarial robustness | Patrick’s Blog + + + + + + + + + + + + + + +
+ +
+
+ +
+ +
+ +

[Adversarial Robustness] 1 Introduction to adversarial robustness

+ +
+ + Posted on Wed, Mar 8, 2023 + + + + 📖Note + + + + Robustness + + +
+ +
+

介绍

对抗鲁棒性 (adversarial robustness):我们能否开发出对输入的(测试时)扰动鲁棒的分类器,而这些扰动是由意图欺骗分类器的敌人产生的。

准备工作

Python 3.7

需要的背景知识

深入

首先,我们使用 PyTorch 中(预训练的)ResNet50 模型来分类猪的这张图片。

PyTorch 中正常的图像分类策略是首先使用torchvision.transforms模块对图像进行变换(至近似 0 均值,单位方差)。然而,因为我们想要在原来的(非标准化的)图像空间制造扰动,我们会用一个稍微不同的方法,实际上在 PyTorch 层上构建变换,以便我们可以直接输入图像。首先,让我们加载这张图像并调整大小为 224x224,即大多数 ImageNet 图像用作输入的默认大小(因此是预训练分类器)。

from PIL import Image
+from torchvision import transforms
+import matplotlib.pyplot as plt
+
+# read the image, resize to 224 and convert to PyTorch Tensor
+pig_img = Image.open("pig.jpg")
+preprocess = transforms.Compose([
+    transforms.Resize(224),
+    transforms.ToTensor(),
+])
+pig_tensor = preprocess(pig_img)[None, :, :, :]
+
+# plot image (note that numpy uses HWC whereas Pytorch uses CHW, so we need to convert)
+plt.imshow(pig_tensor[0].numpy().transpose(1, 2, 0))

现在让我们在必要的变换后加载预训练的 ResNet50 模型并将它应用到图像上(这里奇怪的索引只是用于遵循 PyTorch 标准,模块的所有输入应该是batch_size x num_channels x height x weight的形式)。

import torch
+import torch.nn as nn
+from torchvision.models import resnet50
+
+# simple Module to normalize an image
+class Normalize(nn.Module):
+    def __init__(self, mean, std):
+        super(Normalize, self).__init__()
+        self.mean = torch.Tensor(mean)
+        self.std = torch.Tensor(std)
+    def forward(self, x):
+        return (x - self.mean.type_as(x)[None, :, None, None]) / self.std.type_as(x)[None, :, None, None]
+
+# values are standard normalization for ImageNet images,
+# from https://github.com/pytorch/examples/blob/master/imagenet/main.py
+norm = Normalize(mean=[0.485, 0.456, 0.406], std=[0.229, 0.224, 0.225])
+
+# load pre-trained ResNet50, and put into evaluation mode (necessary to e.g. turn off batchnorm)
+model = resnet50(pretrained=True)
+model.eval()
# form predictions
+pred = model(norm(pig_tensor))

pred现在有一个 1000 维的向量,包含 1000 个 imagenet 类别的 logit 值(即如果你想要把它转换成一个概率向量,你应该对这个向量使用 softmax 运算)。为了找到最大似然的类,我们简单地取这个向量中最大值的索引,并且在 imagenet 类的列表中查找该索引来找到对应的标签。

import json
+with open("imagenet_class_index.json") as f:
+    imagenet_classes = {int(i): x[1] for i, x in json.load(f).items()}
+print(imagenet_classes[pred.max(dim=1)[1].item()])
hog

成功识别出该图像是猪。

一些介绍的符号

现在我们尝试欺骗这个分类器把这张图像识别为其他东西。为了解释这一过程,我们要介绍一些符号。具体来说,我们会定义模型,或假设函数,hθ:XRkh_\theta:\mathcal{X}\rightarrow\mathbb{R}^k 为从输入空间(上例中是一个三维的张量)到输出空间的映射。输出空间是一个 kk 维的向量,其中 kk 是正被预测的类的数量。注意像我们上面的模型,输出对应于 logit 空间,所以这些实数可正可负。θ\theta 向量表示所有定义这个模型的参数(即所有的卷积滤波器,全连接层权重矩阵,偏差等等),θ\theta 参数是当我们训练一个神将网络的时候通常去优化的。最后,注意这个 hθh_\theta 恰好对应于上面 Python 代码的model对象。

其次,我们定义一个损失函数 :Rk×Z+R+\ell:\mathbb{R}^k\times\mathbb{Z}_+\rightarrow\mathbb{R}_+ 为一个从模型预测和真实标签到一个非负数的映射。这个损失函数的语义是

+ + + + \ No newline at end of file diff --git a/bayes.html b/bayes.html index 0bdaf65..f182b91 100644 --- a/bayes.html +++ b/bayes.html @@ -81,14 +81,6 @@ - - - - - - - - diff --git a/categories.html b/categories.html index 94e96b4..1e7c37a 100644 --- a/categories.html +++ b/categories.html @@ -78,14 +78,6 @@ - - - - - - - - diff --git a/changsha.html b/changsha.html index 5ad7b4d..e116ca6 100644 --- a/changsha.html +++ b/changsha.html @@ -81,14 +81,6 @@ - - - - - - - - diff --git a/dalian.html b/dalian.html index 90a484c..9698c66 100644 --- a/dalian.html +++ b/dalian.html @@ -81,14 +81,6 @@ - - - - - - - - diff --git a/decision-tree.html b/decision-tree.html index 7a68941..dfd3c2d 100644 --- a/decision-tree.html +++ b/decision-tree.html @@ -81,14 +81,6 @@ - - - - - - - - diff --git a/index.html b/index.html index 469696c..a1e78f7 100644 --- a/index.html +++ b/index.html @@ -76,14 +76,6 @@ - - - - - - - - @@ -141,6 +133,36 @@

Patrick’s Blog

+
+

+ + + + + [Adversarial Robustness] 1 Introduction to adversarial robustness + +

+ +

+ 翻译自 https://adversarial-ml-tutorial.org/ +

+ +
+ + Posted on Wed, Mar 8, 2023 + + + + 📖Note + + + + Robustness + + +
+
+

diff --git a/linear-algebra-01.html b/linear-algebra-01.html index 98b837f..5790ef0 100644 --- a/linear-algebra-01.html +++ b/linear-algebra-01.html @@ -81,14 +81,6 @@ - - - - - - - - diff --git a/linear-algebra-02.html b/linear-algebra-02.html index 3c74714..46c9b1e 100644 --- a/linear-algebra-02.html +++ b/linear-algebra-02.html @@ -81,14 +81,6 @@ - - - - - - - - diff --git a/mapreduce.html b/mapreduce.html index e420ba7..0f75e32 100644 --- a/mapreduce.html +++ b/mapreduce.html @@ -81,14 +81,6 @@ - - - - - - - - diff --git a/mysql-01.html b/mysql-01.html index 18bcf14..8d375fd 100644 --- a/mysql-01.html +++ b/mysql-01.html @@ -81,14 +81,6 @@ - - - - - - - - diff --git a/mysql-02.html b/mysql-02.html index 76b6724..47c114e 100644 --- a/mysql-02.html +++ b/mysql-02.html @@ -81,14 +81,6 @@ - - - - - - - - diff --git a/mysql-03.html b/mysql-03.html index b1df161..aba6b30 100644 --- a/mysql-03.html +++ b/mysql-03.html @@ -81,14 +81,6 @@ - - - - - - - - diff --git a/mysql-04.html b/mysql-04.html index d57bf8d..ecec5fe 100644 --- a/mysql-04.html +++ b/mysql-04.html @@ -81,14 +81,6 @@ - - - - - - - - diff --git a/not-enough-data-01.html b/not-enough-data-01.html index 5e282e4..7e9a4fb 100644 --- a/not-enough-data-01.html +++ b/not-enough-data-01.html @@ -81,14 +81,6 @@ - - - - - - - - diff --git a/recommendation-01.html b/recommendation-01.html index 2b8335b..464f39e 100644 --- a/recommendation-01.html +++ b/recommendation-01.html @@ -81,14 +81,6 @@ - - - - - - - - diff --git a/svm.html b/svm.html index d098703..c3464c3 100644 --- a/svm.html +++ b/svm.html @@ -81,14 +81,6 @@ - - - - - - - - diff --git a/tag/Causal Inference.html b/tag/Causal Inference.html index 4988311..dc04251 100644 --- a/tag/Causal Inference.html +++ b/tag/Causal Inference.html @@ -72,14 +72,6 @@ - - - - - - - - diff --git a/tag/Database.html b/tag/Database.html index a0eeab1..04535fd 100644 --- a/tag/Database.html +++ b/tag/Database.html @@ -72,14 +72,6 @@ - - - - - - - - diff --git a/tag/Distributed.html b/tag/Distributed.html index ce343ab..7a46154 100644 --- a/tag/Distributed.html +++ b/tag/Distributed.html @@ -72,14 +72,6 @@ - - - - - - - - diff --git a/tag/Information Theory.html b/tag/Information Theory.html index ef44d2f..d42b543 100644 --- a/tag/Information Theory.html +++ b/tag/Information Theory.html @@ -72,14 +72,6 @@ - - - - - - - - diff --git a/tag/Linear Algebra.html b/tag/Linear Algebra.html index 05e0357..5ba272a 100644 --- a/tag/Linear Algebra.html +++ b/tag/Linear Algebra.html @@ -72,14 +72,6 @@ - - - - - - - - diff --git a/tag/ML.html b/tag/ML.html index 722c05c..a6c32e7 100644 --- a/tag/ML.html +++ b/tag/ML.html @@ -72,14 +72,6 @@ - - - - - - - - diff --git a/tag/Math.html b/tag/Math.html index 96bb795..e4ce8c5 100644 --- a/tag/Math.html +++ b/tag/Math.html @@ -72,14 +72,6 @@ - - - - - - - - diff --git a/tag/Recommendation.html b/tag/Recommendation.html index 38bc6ac..1af3b76 100644 --- a/tag/Recommendation.html +++ b/tag/Recommendation.html @@ -72,14 +72,6 @@ - - - - - - - - diff --git a/tag/Robustness.html b/tag/Robustness.html new file mode 100644 index 0000000..3bd8edc --- /dev/null +++ b/tag/Robustness.html @@ -0,0 +1,154 @@ + + + + + + + + + + + + + + + + + + + + + + + + #Robustness | Patrick’s Blog + + + + + + + + +
+
+

#Robustness

+
+ +
+
© Patrick’s Blog 2022
+
·
+
Powered by Notablog. +
+
+ + + \ No newline at end of file diff --git "a/tag/\360\237\223\226Note.html" "b/tag/\360\237\223\226Note.html" index ab0fc89..782bbbb 100644 --- "a/tag/\360\237\223\226Note.html" +++ "b/tag/\360\237\223\226Note.html" @@ -72,14 +72,6 @@ - - - - - - - - @@ -119,6 +111,36 @@

#📖Note