Fixing noise, adding notebook.

Signed-off-by: Kieran Fraser <[email protected]>

app.py

@@ -158,11 +158,11 @@ def clf_evasion_evaluate(*args):
         for i, im in enumerate(x_adv):
             adv_gallery_out.append(( im.transpose(1,2,0), label_names[np.argmax(outputs[i])] ))
             
-        delta = ((x_subset - x_adv) + attack_eps) # * 5 # shift to 0 and make perturbations 10x larger to visualise them
-        delta[delta<0] = 0
-        '''if delta.max()>1:
-            delta = (delta-np.min(delta))/(np.max(delta)-np.min(delta))'''
+        delta = ((x_subset - x_adv) + attack_eps) * 10 # shift to 0 and make perturbations 10x larger to visualise them
+        if delta.max()>1:
+            delta = (delta-np.min(delta))/(np.max(delta)-np.min(delta))
         delta[delta>1] = 1
+        delta[delta<0] = 0
         delta_gallery_out = delta.transpose(0, 2, 3, 1)
         
     if attack == "Adversarial Patch":
@@ -221,7 +221,9 @@ with gr.Blocks(css=css, theme='Tshackelton/IBMPlex-DenseReadable') as demo:
                 common red-team workflow to assess model vulnerability to evasion attacks ⚔️</p>''')
     
     gr.Markdown('''<p style="font-size: 18px; text-align: justify"><i>Check out the full suite of features provided by ART <a href="https://github.com/Trusted-AI/adversarial-robustness-toolbox"
-                    target="blank_">here</a>.</i></p>''')
+                    target="blank_">here</a>. To dive further into evasion attacks with Hugging Face and ART, check out our 
+                    <a href="https://github.com/Trusted-AI/adversarial-robustness-toolbox/blob/main/notebooks/hugging_face_evasion.ipynb" 
+                    target="_blank">notebook</a>. Also feel free to contribute and give our repo a ⭐.</i></p>''')
     
     gr.Markdown('''<hr/>''')
     
@@ -253,7 +255,7 @@ with gr.Blocks(css=css, theme='Tshackelton/IBMPlex-DenseReadable') as demo:
     gr.Markdown('''<hr/>''')
     
     gr.Markdown('''<p style="text-align: justify; font-size: 18px">ℹ️ Now as a responsible AI expert, you wish to assert that your model is not vulnerable to
-                attacks which might manipulate the prediction. For instance, ships become classified as birds. To do this, you will run deploy
+                attacks which might manipulate the prediction. For instance, ships become classified as birds. To do this, you will deploy
                 adversarial attacks against your own model and assess its performance.</p>''')
     
     gr.Markdown('''<p style="text-align: justify; font-size: 18px">ℹ️ Below are two common types of evasion attack. Both create adversarial images, which at first glance, seem the same as the original images,
@@ -271,8 +273,8 @@ with gr.Blocks(css=css, theme='Tshackelton/IBMPlex-DenseReadable') as demo:
             with gr.Column(scale=1):
                 attack = gr.Textbox(visible=True, value="PGD", label="Attack", interactive=False)
                 max_iter = gr.Slider(minimum=1, maximum=10, label="Max iterations", value=4)
-                eps = gr.Slider(minimum=0.0001, maximum=1, label="Epslion", value=0.03) 
-                eps_steps = gr.Slider(minimum=0.0001, maximum=1, label="Epsilon steps", value=0.003) 
+                eps = gr.Slider(minimum=0.0001, maximum=1, label="Epslion", value=0.3) 
+                eps_steps = gr.Slider(minimum=0.0001, maximum=1, label="Epsilon steps", value=0.03) 
                 bt_eval_pgd = gr.Button("Evaluate")
                 
             # Evaluation Output. Visualisations of success/failures of running evaluation attacks.