Recently I asked a question about creating adversarial images for a simple Softmax Regressions model. I managed to find the solution by myself. Now, I would like to do the same thing, but instead for a Convnet as outlined in the TensorFlow Deep MNIST for Experts tutorial.
In the previous question, the situation was very simple, since the weight matrix has exactly the same dimension as an image, so we can just do matrix addition like this:
images_fool = x + 1.5 * w_six
where images_fool is the adversarial image, x is the original image of digit 2 and w_six is the weight matrix for digit 6, so that we can make an adversarial image of digit 2 that'll fool the classifier which will classify the image as digit 6.
But now, with ConvNet, there are many more weight matrices and none of them has the same dimension as the original image. So, my question is, how do we add the weights onto the original image to produce a adversarial image?
I appreciate any help. Thanks!
The script can be found here.