
updated the new example
Jonas Rauber committed Oct 23, 2019
1 parent 2807584 commit 5a04c89
Showing 2 changed files with 20 additions and 7 deletions.
20 changes: 14 additions & 6 deletions README.rst
@@ -56,6 +56,7 @@ Example
# get a batch of images and labels and print the accuracy
images, labels = foolbox.utils.samples(dataset='imagenet', batchsize=16, data_format='channels_first', bounds=(0, 1))
print(np.mean(fmodel.forward(images).argmax(axis=-1) == labels))
+# -> 0.9375
# apply the attack
attack = foolbox.attacks.FGSM(fmodel)
@@ -64,7 +65,8 @@ Example
# if the attack fails to find an adversarial for the i'th image, then adversarials[i] will all be np.nan
# Foolbox guarantees that all returned adversarials are in fact adversarial
-print(np.mean(fmodel.forward(adversarials).argmax(axis=-1) == labels))  # will be 0.0
+print(np.mean(fmodel.forward(adversarials).argmax(axis=-1) == labels))
+# -> 0.0
.. code-block:: python
@@ -77,7 +79,7 @@ Example
# You can always get the actual adversarial class that Foolbox observed for a sample
# by passing `unpack=False` to get the actual `Adversarial` objects:
-attack = foolbox.attacks.FGSM(fmodel, distance=foolbox.distance.Linf)
+attack = foolbox.attacks.FGSM(fmodel, distance=foolbox.distances.Linf)
adversarials = attack(images, labels, unpack=False)
adversarial_classes = np.asarray([a.adversarial_class for a in adversarials])
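
(Not part of this diff: the excerpt computes `adversarial_classes` but its use is trimmed here, so a quick sanity check one might run on the snippet's variables is sketched below.)

.. code-block:: python

    # sketch, not from the commit: assumes `adversarial_classes`, `labels`
    # and `np` from the snippet above; for every successful attack the
    # observed adversarial class should differ from the true label
    print(np.mean(adversarial_classes != labels))
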
@@ -89,6 +91,9 @@ Example
# can be 0 (misclassified without perturbation) and inf (attack failed).
distances = np.asarray([a.distance.value for a in adversarials])
print("{:.1e}, {:.1e}, {:.1e}".format(distances.min(), np.median(distances), distances.max()))
print("{} of {} attacks failed".format(sum(adv.distance.value == np.inf for adv in adversarials), len(adversarials)))
print("{} of {} inputs misclassified without perturbation".format(sum(adv.distance.value == 0 for adv in adversarials), len(adversarials)))
For more examples, have a look at the `documentation <https://foolbox.readthedocs.io/en/latest/user/examples.html>`__.

@@ -101,10 +106,12 @@ Finally, the result can be plotted like this:
import matplotlib.pyplot as plt
-image = images[0].transpose(1, 2, 0)
-adversarial = adversarials[0].transpose(1, 2, 0)
-# or the following if the attack was run with `unpack=False`
-adversarial = adversarials[0].input.transpose(1, 2, 0)
+image = images[0]
+adversarial = attack(images[:1], labels[:1])[0]
+# CHW to HWC
+image = image.transpose(1, 2, 0)
+adversarial = adversarial.transpose(1, 2, 0)
plt.figure()
@@ -126,6 +133,7 @@ Finally, the result can be plotted like this:
plt.show()
.. image:: https://github.com/bethgelab/foolbox/raw/master/example.png


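For context, here is a consolidated sketch of what the updated README example does end to end. It is not part of this commit; it assumes Foolbox 2.x and an already-constructed `fmodel` (e.g. a `foolbox.models.PyTorchModel` wrapping a pretrained ImageNet classifier with `bounds=(0, 1)` and channels-first inputs), which the excerpt above does not show.

.. code-block:: python

    # consolidated sketch of the updated example; assumes an existing
    # `fmodel` (not created here) with bounds=(0, 1) and channels_first inputs
    import numpy as np
    import foolbox

    # get a batch of images and labels and print the clean accuracy
    images, labels = foolbox.utils.samples(
        dataset='imagenet', batchsize=16,
        data_format='channels_first', bounds=(0, 1))
    print(np.mean(fmodel.forward(images).argmax(axis=-1) == labels))

    # run FGSM with the L-inf distance and keep the Adversarial objects
    attack = foolbox.attacks.FGSM(fmodel, distance=foolbox.distances.Linf)
    adversarials = attack(images, labels, unpack=False)

    # per-sample distances: 0 means misclassified without any perturbation,
    # inf means the attack failed for that sample
    distances = np.asarray([a.distance.value for a in adversarials])
    print("{:.1e}, {:.1e}, {:.1e}".format(
        distances.min(), np.median(distances), distances.max()))
    print("{} of {} attacks failed".format(
        sum(d == np.inf for d in distances), len(adversarials)))

    # plot the first image next to its adversarial; matplotlib expects HWC,
    # so transpose the CHW arrays
    import matplotlib.pyplot as plt
    adversarial = attack(images[:1], labels[:1])[0]
    plt.subplot(1, 2, 1)
    plt.imshow(images[0].transpose(1, 2, 0))
    plt.subplot(1, 2, 2)
    plt.imshow(adversarial.transpose(1, 2, 0))
    plt.show()
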
7 changes: 6 additions & 1 deletion docs/user/examples.rst
@@ -24,6 +24,7 @@ Running a batch attack against a PyTorch model
# get a batch of images and labels and print the accuracy
images, labels = foolbox.utils.samples(dataset='imagenet', batchsize=16, data_format='channels_first', bounds=(0, 1))
print(np.mean(fmodel.forward(images).argmax(axis=-1) == labels))
+# -> 0.9375
# apply the attack
attack = foolbox.attacks.FGSM(fmodel)
@@ -32,7 +33,8 @@ Running a batch attack against a PyTorch model
# if the attack fails to find an adversarial for the i'th image, then adversarials[i] will all be np.nan
# Foolbox guarantees that all returned adversarials are in fact adversarial
-print(np.mean(fmodel.forward(adversarials).argmax(axis=-1) == labels))  # will be 0.0
+print(np.mean(fmodel.forward(adversarials).argmax(axis=-1) == labels))
+# -> 0.0
# ---
@@ -44,6 +46,7 @@ Running a batch attack against a PyTorch model
# You can always get the actual adversarial class that Foolbox observed for a sample
# by passing `unpack=False` to get the actual `Adversarial` objects:
+attack = foolbox.attacks.FGSM(fmodel, distance=foolbox.distances.Linf)
adversarials = attack(images, labels, unpack=False)
adversarial_classes = np.asarray([a.adversarial_class for a in adversarials])
@@ -55,6 +58,8 @@ Running a batch attack against a PyTorch model
# can be 0 (misclassified without perturbation) and inf (attack failed).
distances = np.asarray([a.distance.value for a in adversarials])
print("{:.1e}, {:.1e}, {:.1e}".format(distances.min(), np.median(distances), distances.max()))
print("{} of {} attacks failed".format(sum(adv.distance.value == np.inf for adv in adversarials), len(adversarials)))
print("{} of {} inputs misclassified without perturbation".format(sum(adv.distance.value == 0 for adv in adversarials), len(adversarials)))
Running an attack on a single sample against a Keras model
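A small follow-up that is not part of this commit: when reporting the adversarial accuracy with the unpacked (NumPy array) results, the rows that are entirely `np.nan` (failed attacks) can be masked out first. The sketch below assumes the same `fmodel`, `attack`, `images`, and `labels` as in the snippets above.

.. code-block:: python

    # sketch, not from the commit: mask out failed attacks (all-NaN rows)
    # before recomputing the accuracy on the adversarial examples
    import numpy as np

    adversarials = attack(images, labels)  # unpacked: NumPy array of shape (N, C, H, W)
    failed = np.isnan(adversarials).all(axis=(1, 2, 3))
    print("{} of {} attacks failed".format(failed.sum(), len(failed)))

    # accuracy on the successful adversarials only; this should be 0.0,
    # because all returned adversarials are guaranteed to be adversarial
    ok = ~failed
    preds = fmodel.forward(adversarials[ok]).argmax(axis=-1)
    print(np.mean(preds == labels[ok]))
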

