COMP90073 – Security Analytics Week 11 Workshop
The purpose of this tutorial is to help you further understand adversarial training as well as its limitations.
Instructions:
1. Run “mnist_tutorial_tf.py” in the “cleverhans_tutorials” subfolder, and test whether the adversarially trained model (model2) is also robust against adversarial samples generated by the indiscriminate C&W L2 attack. Hint: check how the indiscriminate C&W L2 attack is implemented in “mnist_tutorial_cw.py”; a minimal sketch is given below.
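For reference, here is one possible (untested) sketch of such an evaluation, assuming the code is appended to “mnist_tutorial_tf.py” after model2 has been adversarially trained. The names sess, x, y, x_test, y_test, eval_params and model_eval are the ones already defined in that script, and the attack parameters mirror those used in “mnist_tutorial_cw.py”:

    # Sketch only: evaluate the adversarially trained model2 against the
    # untargeted (indiscriminate) C&W L2 attack. Assumes sess, x, y,
    # x_test, y_test, eval_params and model_eval already exist in
    # mnist_tutorial_tf.py.
    from cleverhans.attacks import CarliniWagnerL2

    cw = CarliniWagnerL2(model2, sess=sess)
    cw_params = {
        'binary_search_steps': 1,   # same settings as mnist_tutorial_cw.py
        'max_iterations': 100,
        'learning_rate': 0.2,
        'batch_size': 100,
        'initial_const': 10
    }

    # C&W is an optimisation-based attack and is slow, so attack only the
    # first 100 test images. No 'y_target' is supplied, which makes the
    # attack untargeted (indiscriminate).
    adv = cw.generate_np(x_test[:100], **cw_params)

    # Reuse model2's prediction op to measure accuracy on the adversarial
    # inputs.
    preds2 = model2.get_logits(x)
    acc = model_eval(sess, x, y, preds2, adv, y_test[:100], args=eval_params)
    print('Accuracy of model2 on C&W L2 adversarial examples: %0.4f' % acc)

Because C&W solves an optimisation problem per example, generating the adversarial samples takes much longer than FGSM; attacking a small subset of the test set is enough to observe the expected drop in accuracy.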
Expected result:
1. The model trained on clean examples (model1) is not robust against adversarial samples generated by the Fast Gradient Sign Method (FGSM) – the accuracy on adversarial samples is around 10%;
2. The model trained on adversarial samples generated by FGSM (model2) is much more robust – the accuracy on adversarial samples increases to over 95%;
3. However, since model2 is trained on adversarial samples generated by FGSM (a relatively weak form of adversarial attack), it is not robust against adversarial samples generated by the indiscriminate C&W L2 attack – the accuracy drops back to around 10%.
(The exact percentages may differ on your machine.)