# Shudder... your neural network may be fooling you!

[Overview] How much do you trust neural networks? Do they always learn what you want them to learn? Would you really dare to ride in a self-driving car? I, too, was once full of "reverence" and trust for neural networks, until I saw with my own eyes that one had learned something I could not understand...

## How to fool a neural network

```python
import numpy as np

# actor's network
IL = 784  # input layer nodes
HL = 100  # hidden layer nodes
OL = 784  # output layer nodes
b1 = np.random.randn(HL)
w2 = np.random.randn(OL, HL) / np.sqrt(HL)
NumParams1 = len(b1.flatten())
NumParams2 = len(w2.flatten())
```

```python
# white image
img = np.zeros((28, 28)).reshape(784)

# forward propagation
def predict(s, b1, w2):
    h = b1.copy()  # should be np.dot(w1, s) + b1, but the input state is always zero (white image);
                   # .copy() avoids mutating the policy's b1 through the in-place ReLU below
    h[h < 0] = 0   # ReLU
    out = np.dot(w2, h)  # hidden layer to output
    out[out < 0] = 0  # white pixels
    out[out > 0] = 1  # black pixels
    return out
```

```python
# ES parameters
NumEpisodes = 100
NumPolicies = 50
sigma = 0.1
learning_rate = 0.1

# digit we are trying to learn to write
DIGIT = 3

Reward = np.zeros(NumPolicies)
EpisodeReward = np.zeros(NumEpisodes)

# start learning
for episode in range(NumEpisodes):
    # generate random variations around the original policy
    eps = np.random.randn(NumPolicies, NumParams1 + NumParams2)  # normal distribution
    # evaluate each policy over one episode
    for policy in range(NumPolicies):
        b1_try = b1 + sigma * eps[policy, :NumParams1].reshape(b1.shape)
        w2_try = w2 + sigma * eps[policy, NumParams1:].reshape(w2.shape)
        Reward[policy] = 0

        # write on white paper
        out = predict(img, b1_try, w2_try)
        # collect reward from the CNN looking at the writing
        out = out.reshape(1, 28, 28, 1)
        out = out.astype('float32')
        # output score from the CNN for the selected class
        # (critic: a pretrained MNIST CNN classifier, defined earlier in the original article)
        Reward[policy] += critic.predict(out, verbose=0)[0, DIGIT]

    # calculate centered rewards
    EpisodeReward[episode] = np.mean(Reward)
    F = Reward - EpisodeReward[episode]

    # update weights of the original policy according to the rewards of all variations
    weights_update = learning_rate / (NumPolicies * sigma) * np.dot(eps.T, F)
    b1 += weights_update[:NumParams1].reshape(b1.shape)
    w2 += weights_update[NumParams1:].reshape(w2.shape)
    if episode % 10 == 0:
        print('Episode {0}, reward = {1}'.format(episode, EpisodeReward[episode]))
```

```python
import matplotlib.pyplot as plt

out = predict(img, b1, w2)
out = out.reshape((28, 28))
plt.imshow(out, cmap='Greys', clim=(0, 1))
plt.show()
```

[Note: if you try to reproduce these results, you will need some patience and some hyperparameter tuning, because ES does not converge quickly every time.]
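The ES update in the loop above is easier to trust once you have seen it work on a problem with a known answer. Below is a minimal toy sketch (my own illustration, not code from the original article): the same centered-reward update rule is used to pull a parameter vector toward a known `target`.

```python
import numpy as np

# Toy demo of the same ES update rule (hypothetical example): maximize the
# reward R(w) = -||w - target||^2, whose optimum is obviously w = target.
np.random.seed(0)
target = np.array([0.5, -0.3, 0.8])
w = np.zeros(3)                  # "policy" parameters, starting from zero
sigma, lr, n_pop = 0.1, 0.05, 50

for episode in range(300):
    eps = np.random.randn(n_pop, 3)  # random variations around w
    # reward of each perturbed policy
    rewards = np.array([-np.sum((w + sigma * e - target) ** 2) for e in eps])
    F = rewards - rewards.mean()     # centered rewards, as in the article
    # same gradient estimate and update as in the main loop
    w += lr / (n_pop * sigma) * eps.T.dot(F)

print(np.round(w, 2))
```

Because the reward here is smooth and the optimum is known, the estimated parameters land close to `target` after a few hundred episodes; with a noisy critic, as in the article, convergence is slower and more sensitive to `sigma` and the learning rate.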

1. My CNN is useless, because it sees things that do not exist.

2. We have a convenient way to generate adversarial examples that fool neural networks.
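For comparison, when the attacked model's weights are known, adversarial examples can also be crafted directly with a gradient-sign step rather than with ES. The sketch below is a hypothetical illustration (not from the original article) on a hand-written linear classifier: a small signed perturbation of the input flips the sign of the score, and therefore the predicted class.

```python
import numpy as np

# Hypothetical linear classifier with known, fixed weights
w = np.array([1.0, -2.0, 0.5])
b = 0.0

def score(x):
    # decision function: score > 0 means class 1, otherwise class 0
    return np.dot(w, x) + b

x = np.array([1.0, 0.1, 0.5])   # input classified as class 1 (score = 1.05)

# gradient-sign step: nudge every input dimension against the weight sign,
# which lowers the score by epsilon * sum(|w|) in one step
epsilon = 0.6
x_adv = x - epsilon * np.sign(w)

print(score(x), score(x_adv))   # the perturbed input crosses the boundary
```

For a deep network the same idea uses the sign of the loss gradient with respect to the input; the ES approach in this article needs no gradients at all, only the critic's scores, which is why it works against a black-box model.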

1. https://medium.com/swlh/evolution-strategies-844e2694e632
2. https://medium.com/@ffrige/how-to-fool-a-neural-network-8ce248dc439c

