我正在为 Facenet 分类器进行 FGSM 攻击,该分类器使用 Keras 模型进行嵌入,并使用 SVM 来进行分类。我很难确定如何格式化输入的输入,因为我需要先将输入传递给 SVM,然后才能承受损失,但后来我得到的梯度为 None,它作为错误失败。您对我如何有效地传递价值观有任何想法吗?
for i in range(epochs):
print(i)
# One hot encode the target class
target = K.one_hot(target_class, 5)
# Get the new image and predictions
embeddingPred=asarray(embed_model.output[0])
prediction= tf.reshape(model.predict_proba(embeddingPred),[5,])
prediction = tf.cast(tf.convert_to_tensor(prediction), tf.float32)
# Get the loss and gradient of the loss wrt the inputs
loss = -1*K.categorical_crossentropy(target, prediction)
grads = K.gradients(loss, embed_model.input)
# Get the sign of the gradient
delta = K.sign(grads[0])
x_noise = x_noise + delta
# Perturb the image
x_adv = x_adv + epsilon*delta
# Get the new image and predictions
x_adv = sess.run(x_adv, feed_dict={embed_model.input:x})