Giter VIP home page Giter VIP logo

linbp-attack's Introduction

LinBP-Attack

Code for our NeurIPS 2020 paper Backpropagating Linearly Improves Transferability of Adversarial Examples.

Environments

  • Python 3.7.4
  • PyTorch 1.4.0
  • Torchvision 0.5.0
  • Pillow 7.0.0
  • Numpy 1.18.1

Datasets

CIFAR-10 and ImageNet should be prepared into the following structure:

linbp-attack
└───data
    ├── cifar10
    │   ├── selected_cifar10.csv
    │   └── cifar-10-batches-py
    └── imagenet
        ├── selected_imagenet.csv
        └── ILSVRC2012_img_val

For CIFAR-10, select images from validation set, and write selected_cifar10.csv as following:

class_index,data_index
3,0
8,1
8,2
...

The data_index is the index of image in data/cifar10/cifar-10-batches-py/test_batch

For ImageNet, select images from validation set, and write selected_imagenet.csv as following:

class_index, class, image_name
0,n01440764,ILSVRC2012_val_00002138.JPEG
2,n01484850,ILSVRC2012_val_00004329.JPEG
...

Models

Please download pretrained models at here, then extract them to attack/cifar10/models and attack/imagenet/models.

Attack

Untarget attack on CIFAR-10 using PGD+LinBP+ILA, under epsilon = 0.03 :

python3 attack/cifar10/attack_vgg19.py --epsilon 0.03 --niters 100 --ila_niters 100 --method linbp_ila_pgd \
--save_dir data/cifar10/linbp_ila_pgd --batch_size 500

Untarget attack on ImageNet using PGD+LinBP+ILA, under epsilon = 0.03 :

python3 attack/imagenet/attack_resnet50.py --epsilon 0.03 --niters 300 --ila_niters 100 --method linbp_ila_pgd \
--save_dir data/imagenet/linbp_ila_pgd --batch_size 50 --sgm_lambda 1.0

--sgm_lambda is the scaling factor in the residual units of SGM method.
For both CIFAR-10 and ImageNet, add --target_attack to mount a target attack. The --method can be set as fgsm/ifgsm/pgd/mifgsm/mdi2fgsm. Either ILA, LinBP or both are supported by adding ila/linbp/linbp_ila like linbp_pgd.

Test

CIFAR-10:

python3 attack/cifar10/test.py --dir data/cifar10/linbp_ila_pgd

ImageNet:

python3 attack/imagenet/test.py --dir data/imagenet/linbp_ila_pgd

Acknowledgements

The following resources are very helpful for our work:
Pretrained models for CIFAR-10: bearpaw/pytorch-classification
Pretrained models for ImageNet: Cadene/pretrained-models.pytorch and torchvision.models
GDAS: D-X-Y/AutoDL-Projects
Pretrained GDAS: ZiangYan/subspace-attack.pytorch

Citation

@inproceedings{guo2020backpropagating,
    title={Backpropagating Linearly Improves Transferability of Adversarial Examples.},
    author={Guo, Yiwen and Li, Qizhang and Chen, Hao},
    booktitle={NeurIPS},
    year={2020}
}

linbp-attack's People

Contributors

qizhangli avatar

Stargazers

ZcsrenLongZ avatar freeneuro avatar avatar Aoyang Zhou avatar Yechao Zhang avatar z p avatar Zeming Wei avatar Jun Liu avatar avatar Mishuni avatar xuxiangsun avatar avatar Hossein Kashiani avatar YE ZHIXING avatar Malik Hashmat avatar avatar Sprite avatar Chr1sto avatar avatar Tencent Blade Team avatar Guan-Ting (Daniel) Lin avatar avatar Myung-Joon Kwon avatar Zhuoran Liu avatar Zhengyu Zhao avatar jiaxiaojun avatar Fengfan Zhou avatar avatar avatar Jinlai Zhang avatar Yiming Li avatar Xin Wang avatar avatar Jie Zhang avatar avatar avatar Xry98 avatar Chen Ma avatar Lue Tao avatar avatar yanziang avatar avatar dogf1ghts avatar

Watchers

avatar

Forkers

jiawangbai wanglei623416386 yu-wenqian zywang624 a-biao96

linbp-attack's Issues

Something went wrong about the result?

Hello! I have tried to run your code but the result I got is really confusing T^T
I use test.py to evaluate the result, but only got this
image
I use 5000 Imagenet images and their corresponding labels to generate adversarial samples
the parameters I set are like this:
image
Could you please give me some advice to improve the success rates?
Thanks a lot !!

Can you provide your selected csv file?

Hello, I really appreciate your job. However, I can't find the selected_imagenet.csv file in this repository. So I write an code and generate my selected_imagenet.csv file and run your code on it. But the result is not normal. By the setting with {dataset = imagenet, backbone = fgsm, suggorate_model = resnet50}, 'linbp' method get even worse transfer rate than pure FGSM; By the setting with {dataset = imagenet, backbone = PGD, suggorate_model = resnet50}, 'linbp' method get much better transfer rate than pure PGD; I have check my code finding no bug, so I hope to get your seleceted file and reproduce your results.

Comparison With SOTA

Hi,

Congratulations on your NeuRIPS paper. How does the transferability of your attack compare with this work (Cross-Domain Transferability of Adversarial Perturbations (https://arxiv.org/abs/1905.11736))?

This is a state-of-the-art attack in terms of transferability.

About vgg19 result on high-resolution dataset

Hi, thanks for your job and for sharing the code.

By the way, I made an experiment using vgg19 code in 'attack/cifar10/' on the different datasets (high-resolution dataset like caltech256, cubs200 (3, 224, 224)).
However, the results show very poor transferability.
The transferability score is 10% against the resnet50 model as the target model.

I used the original vgg19 bn model provided by torchvision.
I know the vgg19 bn model in the code is different from the original vgg19 bn model (has less fully connected layers in the classifier section of the whole model)
So, I add the linbp_relu function to the last 2 relu layer in the classifier section.
But the result had no improvement.

The hyper-parameters that I used are followed.
--epsilon 0.03 --niters 300 --ila_niters 100 --method linbp_ifgsm --save_dir data/cubs200/linbp_ifgsm --batch_size 32

I expect that the vgg19 will show good transferability with the high-resolution dataset just like resnet50.
Can you tell me is there anything I missed or misunderstood??

Again, I really appreciate your job!

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.