transfer attack; adversarial examples; black-box attack; unrestricted Adversarial Attacks on ImageNet; CVPR2021 天池黑盒竞赛

Overview

transfer_adv

CVPR-2021 AIC-VI: unrestricted Adversarial Attacks on ImageNet

CVPR2021 安全AI挑战者计划第六期赛道2:ImageNet无限制对抗攻击

介绍 :

深度神经网络已经在各种视觉识别问题上取得了最先进的性能。尽管取得了极大成功,深度模型的安全问题也在业内引起了不少担忧,举例来说,深度神经网络很容易遭受输入上微小和不可察觉的干扰导致的误分类(这些输入也被称作对抗样本)。除了对抗样本,在实际场景中,深度模型遇到的更多威胁来自于非限制扰动对抗样本,即攻击者在图像上进行大范围且可见的修改,使得模型误识别的同时不影响人的正常观察。无限制对抗攻击是近两年来对抗领域的一个热门方向,希望通过此次比赛不仅可以让参赛选手了解和探索ImageNet上的无限制对抗攻击场景,还可以进一步提炼并总结无限制攻击的一些创新而有效的方案,在学术上推动对抗攻击领域的发展。

在ImageNet分类任务上,近年来出现了多种评测模型在不同场景下鲁棒性的衍生数据集(例如ImageNet-C,ImageNet-A,ImageNet-Sketch,ImageNet-R等),这些数据集都没有限制改动图像和原图之间的相似性,而是要求攻击图像更贴近现实世界存在的噪声(实际中常常发生的图像corruption,或者out of distribution现象)。本次比赛旨在探究更贴近实际且攻击性更强的生成无限制对抗扰动的方式。同时通过多种无限制攻击测试帮助理解当前深度模型脆弱之处并构建更鲁棒的分类服务。

思路:我们采用了黑盒迁移性攻击策略,通过对替代模型得攻击,完成对线上模型的攻击

涉及技术:MI, TI, DI, Gaussian smoothing,FGSM等

比赛排名:初赛 TOP4 , 复赛TOP10, 决赛TOP4

具体涨分细节请参考:https://tianchi.aliyun.com/forum/postDetail?spm=5176.12586969.1002.3.f63141379PH9tV&postId=208941

该项目需要创建以下文件夹:

transfer_adv

​ - inputdata\

​ -—images/*.jpg

​ -—dev.csv

​ - results\

攻击效果图:

results_show

You might also like...
Adversarial-Information-Bottleneck - Distilling Robust and Non-Robust Features in Adversarial Examples by Information Bottleneck (NeurIPS21)
ColossalAI-Examples - Examples of training models with hybrid parallelism using ColossalAI

ColossalAI-Examples This repository contains examples of training models with Co

Code for CVPR2021 "Visualizing Adapted Knowledge in Domain Transfer". Visualization for domain adaptation. #explainable-ai

Visualizing Adapted Knowledge in Domain Transfer @inproceedings{hou2021visualizing, title={Visualizing Adapted Knowledge in Domain Transfer}, auth

Pytorch implementation of CVPR2021 paper
Pytorch implementation of CVPR2021 paper "MUST-GAN: Multi-level Statistics Transfer for Self-driven Person Image Generation"

MUST-GAN Code | paper The Pytorch implementation of our CVPR2021 paper "MUST-GAN: Multi-level Statistics Transfer for Self-driven Person Image Generat

Implementation of Wasserstein adversarial attacks.

Stronger and Faster Wasserstein Adversarial Attacks Code for Stronger and Faster Wasserstein Adversarial Attacks, appeared in ICML 2020. This reposito

Adversarial Attacks on Probabilistic Autoregressive Forecasting Models.

Attack-Probabilistic-Models This is the source code for Adversarial Attacks on Probabilistic Autoregressive Forecasting Models. This repository contai

Defending graph neural networks against adversarial attacks (NeurIPS 2020)
Defending graph neural networks against adversarial attacks (NeurIPS 2020)

GNNGuard: Defending Graph Neural Networks against Adversarial Attacks Authors: Xiang Zhang ([email protected]), Marinka Zitnik (marinka@hms.

Boosting Adversarial Attacks with Enhanced Momentum (BMVC 2021)

EMI-FGSM This repository contains code to reproduce results from the paper: Boosting Adversarial Attacks with Enhanced Momentum (BMVC 2021) Xiaosen Wa

Owner
student
null
Black-Box-Tuning - Black-Box Tuning for Language-Model-as-a-Service

Black-Box-Tuning Source code for paper "Black-Box Tuning for Language-Model-as-a

Tianxiang Sun 149 Jan 4, 2023
Code for "Diversity can be Transferred: Output Diversification for White- and Black-box Attacks"

Output Diversified Sampling (ODS) This is the github repository for the NeurIPS 2020 paper "Diversity can be Transferred: Output Diversification for W

null 50 Dec 11, 2022
Adversarial Color Enhancement: Generating Unrestricted Adversarial Images by Optimizing a Color Filter

ACE Please find the preliminary version published at BMVC 2020 in the folder BMVC_version, and its extended journal version in Journal_version. Datase

null 28 Dec 25, 2022
A method that utilized Generative Adversarial Network (GAN) to interpret the black-box deep image classifier models by PyTorch.

A method that utilized Generative Adversarial Network (GAN) to interpret the black-box deep image classifier models by PyTorch.

Yunxia Zhao 3 Dec 29, 2022
[CVPR 2021] Pytorch implementation of Hijack-GAN: Unintended-Use of Pretrained, Black-Box GANs

Hijack-GAN: Unintended-Use of Pretrained, Black-Box GANs In this work, we propose a framework HijackGAN, which enables non-linear latent space travers

Hui-Po Wang 46 Sep 5, 2022
Explainer for black box models that predict molecule properties

Explaining why that molecule exmol is a package to explain black-box predictions of molecules. The package uses model agnostic explanations to help us

White Laboratory 172 Dec 19, 2022
Code for "Retrieving Black-box Optimal Images from External Databases" (WSDM 2022)

Retrieving Black-box Optimal Images from External Databases (WSDM 2022) We propose how a user retreives an optimal image from external databases of we

joisino 5 Apr 13, 2022
This repository contains the code and models necessary to replicate the results of paper: How to Robustify Black-Box ML Models? A Zeroth-Order Optimization Perspective

Black-Box-Defense This repository contains the code and models necessary to replicate the results of our recent paper: How to Robustify Black-Box ML M

OPTML Group 2 Oct 5, 2022
This repository contains the code and models necessary to replicate the results of paper: How to Robustify Black-Box ML Models? A Zeroth-Order Optimization Perspective

Black-Box-Defense This repository contains the code and models necessary to replicate the results of our recent paper: How to Robustify Black-Box ML M

OPTML Group 2 Oct 5, 2022
Pythonic particle-based (super-droplet) warm-rain/aqueous-chemistry cloud microphysics package with box, parcel & 1D/2D prescribed-flow examples in Python, Julia and Matlab

PySDM PySDM is a package for simulating the dynamics of population of particles. It is intended to serve as a building block for simulation systems mo

Atmospheric Cloud Simulation Group @ Jagiellonian University 32 Oct 18, 2022