Spaces:

lucasddmc
/

ViTViz

Sleeping

App Files Files Community

lucasddmc commited on Nov 20, 2025

Commit

cfe9e41

1 Parent(s): 7aad02c

fix: fixes MIM attack to init momentum on denormalized space

Browse files

Files changed (1) hide show

utils/attacks.py +14 -9

utils/attacks.py CHANGED Viewed

@@ -359,8 +359,8 @@ class MIFGSM(torchattacks.MIFGSM):
         images_denorm = images * std + mean
         adv_images_denorm = images_denorm.clone().detach()
-        # Inicializar momentum
-        momentum = torch.zeros_like(images).detach().to(self.device)
         self.iteration_images = []
         self.iteration_tensors = []
@@ -382,19 +382,24 @@ class MIFGSM(torchattacks.MIFGSM):
             else:
                 cost = loss(outputs, labels)
-            # Calcular gradiente
             grad = torch.autograd.grad(cost, adv_images,
                                        retain_graph=False, create_graph=False)[0]
             # Normalizar gradiente (chave do MI-FGSM!)
-            grad = grad / torch.mean(torch.abs(grad), dim=(1, 2, 3), keepdim=True)
-            # Aplicar momentum
-            grad = grad + momentum * self.decay
-            momentum = grad
-            # Voltar para espaço desnormalizado para aplicar perturbação
-            adv_images_denorm = adv_images_denorm.detach() + self.alpha * grad.sign() * std
             delta = torch.clamp(adv_images_denorm - images_denorm, min=-self.eps, max=self.eps)
             adv_images_denorm = torch.clamp(images_denorm + delta, min=0, max=1).detach()

         images_denorm = images * std + mean
         adv_images_denorm = images_denorm.clone().detach()
+        # Inicializar momentum no espaço desnormalizado
+        momentum = torch.zeros_like(images_denorm).detach().to(self.device)
         self.iteration_images = []
         self.iteration_tensors = []
             else:
                 cost = loss(outputs, labels)
+            # Calcular gradiente no espaço normalizado
             grad = torch.autograd.grad(cost, adv_images,
                                        retain_graph=False, create_graph=False)[0]
+            # Converter gradiente para espaço desnormalizado
+            # Isso é necessário porque o momentum precisa estar no mesmo espaço que as perturbações
+            grad_denorm = grad * std
             # Normalizar gradiente (chave do MI-FGSM!)
+            # Normalização acontece NO ESPAÇO DESNORMALIZADO para manter consistência
+            grad_denorm = grad_denorm / torch.mean(torch.abs(grad_denorm), dim=(1, 2, 3), keepdim=True)
+            # Aplicar momentum no espaço desnormalizado
+            grad_denorm = grad_denorm + momentum * self.decay
+            momentum = grad_denorm
+            # Aplicar perturbação no espaço desnormalizado
+            adv_images_denorm = adv_images_denorm.detach() + self.alpha * grad_denorm.sign()
             delta = torch.clamp(adv_images_denorm - images_denorm, min=-self.eps, max=self.eps)
             adv_images_denorm = torch.clamp(images_denorm + delta, min=0, max=1).detach()