Where the adversarials are stored.

[mhsamavatian]

I cannot understand from the code where the adversarial images are stored. If I want to give my own adversarial inputs to the path generation code, where should I put them. What is the format? NumPy?

[uchuhimo]

@mhsamavatian You can store your adversarial inputs in wherever you like, and use the following code to generate path (see https://github.com/Ptolemy-DL/Ptolemy/blob/master/src/nninst/backend/tensorflow/attack/common.py#L4527-L4546):

def adversarial_input_fn():
    adversarial_input = model_config.normalize_fn(adversarial_example)
    if not isinstance(adversarial_input, tf.data.Dataset):
        adversarial_input = tf.data.Dataset.from_tensors(
            adversarial_input
        )
    return adversarial_input

trace = reconstruct_trace_from_tf_v2(
    model_fn=model_fn,
    input_fn=adversarial_input_fn,
    trace_fn=partial(
        trace_fn,
        select_seed_fn=lambda output: arg_sorted_topk(output, rank)[
            rank - 1 : rank
        ],
    ),
    model_dir=model_dir,
    rank=rank,
)[0]

adversarial_example is your adversarial input in NumPy format, trace is the generated path.

We store our adversarial inputs in store/example/{attack_name}/{name}/{class_id}/{image_id}.pkl (see https://github.com/Ptolemy-DL/Ptolemy/blob/master/src/nninst/backend/tensorflow/attack/common.py#L1163), e.g., store/example/FGSM/alexnet_imagenet/883/0.pkl is an adversarial input generated by FGSM attack for AlexNet+ImageNet.