Skip to content

Add validation check to ensure valid image domain of [0.0, 1.0]#8

Open
davidslater wants to merge 2 commits intogoogle-research:masterfrom
davidslater:image-domain
Open

Add validation check to ensure valid image domain of [0.0, 1.0]#8
davidslater wants to merge 2 commits intogoogle-research:masterfrom
davidslater:image-domain

Conversation

@davidslater
Copy link

I had forgotten to clip this in a couple of my attacks. For instance, on the blur defense, I got it down to 7% failures with a simple PGD-20 attack, but forgot to clip inputs, so many of the values were outside this range. With this check added, I had 54% failures. With properly clipping, I was able to bring it down to 8% failures with the same attack.

In general, I don't expect this to be a serious issue for Linf attacks with small epsilon, but will certainly be a big issue for L2 attacks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant