DeepFool is a simple algorithm to find the minimum adversarial perturbations in deep networks
This function implements the algorithm proposed in [1] using PyTorch to find adversarial perturbations.
Note: The final softmax (loss) layer should be removed in order to prevent numerical instabilities.
The parameters of the function are:
image: Image of sizeHxWx3dnet: neural network (input: images, output: values of activation BEFORE softmax).num_classes: limits the number of classes to test against, by default = 10.max_iter: max number of iterations, by default = 50.
A simple demo which computes the adversarial perturbation for a test image from ImageNet dataset.
[1] S. Moosavi-Dezfooli, A. Fawzi, P. Frossard: DeepFool: a simple and accurate method to fool deep neural networks. In Computer Vision and Pattern Recognition (CVPR ’16), IEEE, 2016.