Code for "Diversity can be Transferred: Output Diversification for White- and Black-box Attacks"

Related tags

Deep Learning ODS
Overview

Output Diversified Sampling (ODS)

This is the github repository for the NeurIPS 2020 paper "Diversity can be Transferred: Output Diversification for White- and Black-box Attacks".

Requirement

Please install PyTorch, pickle, argparse, and numpy

Running experiments

ODS for score-based black-box attacks

The following experiments combine ODS with Simple Black-Box Attack (SimBA).

Evaluation:

The evaluation is held for 5 sample images on ImageNet (images are already resized and cropped).

# untargeted settings with ODS:
python blackbox_simbaODS.py --num_sample 5 --ODS 
# targeted settings with ODS:
python blackbox_simbaODS.py --num_sample 5 --num_step 30000 --ODS --targeted

ODS for decision-based black-box attacks

The following experiments combine ODS with Boundary Attack.

Additional Requirement

Please install Foolbox, Python>=3.6

Evaluation:

The evaluation is held for 5 sample images on ImageNet (images are already resized and cropped).

# untargeted settings with ODS:
python blackbox_boundaryODS.py --num_sample 5 --ODS 
# targeted settings with ODS:
python blackbox_boundaryODS.py --num_sample 5 --ODS --targeted
# untargeted settings with random sampling:
python blackbox_boundaryODS.py --num_sample 5 
# targeted settings with random sampling:
python blackbox_boundaryODS.py --num_sample 5 --targeted

Acknowledgement

Our codes for Boundary Attack are based on Foolbox repo.

ODS for initialization of white-box attacks (ODI)

The following experiments combine ODI with PGD attack.

Training of target model (Adversarial Training):

python whitebox_train_cifar10.py --model-dir [PATH_TO_SAVE_FOLDER] --data-dir [PATH_TO_DATA_FOLDER]

Evaluation PGD attack with ODI:

# Evaluate PGD attack with ODI:
python whitebox_pgd_attack_cifar10_ODI.py --ODI-num-steps 2 --model-path [PATH_TO_THE_MODEL] --data-dir [PATH_TO_DATA_FOLDER] 
# Evaluate PGD attack with naive random initialization (sampled from a uniform distribution):
python whitebox_pgd_attack_cifar10_ODI.py --ODI-num-steps 0 --model-path [PATH_TO_THE_MODEL] --data-dir [PATH_TO_DATA_FOLDER]

Acknowledgement

Our codes for white-box attacks are based on TRADES official repo.

Citation

If you use this code for your research, please cite our paper:

@inproceedings{tashiro2020ods,
  title={Diversity can be Transferred: Output Diversification for White- and Black-box Attacks},
  author={Tashiro, Yusuke and Song, Yang and Ermon, Stefano},
  booktitle={Advances in Neural Information Processing Systems},
  year={2020}
}
Comments
  • How to accelarate SimBA_ODS?

    How to accelarate SimBA_ODS?

    When I attack 1000 images using SimBA_ODS, I found that it runs too slow because each iteration requires a forward-backward of a surrogate model? How to boost attack speed?

    opened by machanic 5
  • thank you for your article ,In mardy cifar-10 wideresnet model ,How did it achieve 44.35% accuracy?

    thank you for your article ,In mardy cifar-10 wideresnet model ,How did it achieve 44.35% accuracy?

    Thank you for providing such a good article,In mardy cifar-10 wideresnet model ,Do you use any optimizer? Such as SGD, ADAM,I set the step size to 2 (2/255), the maximum disturbance is 8, the number of restarts is 20, the number of ODIs is 2 and the number of attacks is 20, but I can hardly get an accuracy of 44.35%, only 44.62%?I want to know if there are other detailed details, I am adapted from mardy's code。 can you disclose the code of your test mardy cifar10 model? Thank you very much

    opened by liuye6666 3
  • About the parameter: num_restarts

    About the parameter: num_restarts

    In white-box attack, why do you run the code repeatedly with the parameter 'num_restarts'? I don't know whether the parameter 'num_restart' influences the result of your method, hoping for your answer.

    opened by hcguoO0 2
  • used for object detection

    used for object detection

    Hi!

    Boundary Attack is designed for image classifier, but I wonder can this algorithm be used to attack object detector like ssd/yolo? Thanks for answering!

    opened by jaeholo 1
  • Do you miss one query count in SimBA ODS?

    Do you miss one query count in SimBA ODS?

    I notice that the query in this line https://github.com/ermongroup/ODS/blob/master/blackbox_simbaODS.py#L97 is not counted in nQuery.

    https://github.com/ermongroup/ODS/blob/master/blackbox_simbaODS.py#L123 only counts for the query in line: https://github.com/ermongroup/ODS/blob/master/blackbox_simbaODS.py#L122

    Why line 97 does not been counted in the nQuery?

    opened by machanic 1
  • SimBA ODS is not based on SimBA?

    SimBA ODS is not based on SimBA?

    I found that you name your algorithm based on SimBA, however you use the loss function, which is be used by SimBA. SimBA only uses the output probability to attack.

    Am I right?

    opened by machanic 1
Owner
null
GitHub
TensorFlow code for the neural network presented in the paper: "Structural Language Models of Code" (ICML'2020)

SLM: Structural Language Models of Code This is an official implementation of the model described in: "Structural Language Models of Code" [PDF] To ap

null 73 Nov 6, 2022
Inference code for "StylePeople: A Generative Model of Fullbody Human Avatars" paper. This code is for the part of the paper describing video-based avatars.

NeuralTextures This is repository with inference code for paper "StylePeople: A Generative Model of Fullbody Human Avatars" (CVPR21). This code is for

Visual Understanding Lab @ Samsung AI Center Moscow 18 Oct 6, 2022
A code generator from ONNX to PyTorch code

onnx-pytorch Generating pytorch code from ONNX. Currently support onnx==1.9.0 and torch==1.8.1. Installation From PyPI pip install onnx-pytorch From

Wenhao Hu 94 Jan 6, 2023
This is the code for our KILT leaderboard submission to the T-REx and zsRE tasks. It includes code for training a DPR model then continuing training with RAG.

KGI (Knowledge Graph Induction) for slot filling This is the code for our KILT leaderboard submission to the T-REx and zsRE tasks. It includes code fo

International Business Machines 72 Jan 6, 2023
Convert Python 3 code to CUDA code.

Py2CUDA Convert python code to CUDA. Usage To convert a python file say named py_file.py to CUDA, run python generate_cuda.py --file py_file.py --arch

Yuval Rosen 3 Jul 14, 2021
Empirical Study of Transformers for Source Code & A Simple Approach for Handling Out-of-Vocabulary Identifiers in Deep Learning for Source Code

Transformers for variable misuse, function naming and code completion tasks The official PyTorch implementation of: Empirical Study of Transformers fo

Bayesian Methods Research Group 56 Nov 15, 2022
Reference implementation of code generation projects from Facebook AI Research. General toolkit to apply machine learning to code, from dataset creation to model training and evaluation. Comes with pretrained models.

This repository is a toolkit to do machine learning for programming languages. It implements tokenization, dataset preprocessing, model training and m

Facebook Research 408 Jan 1, 2023
Code for the prototype tool in our paper "CoProtector: Protect Open-Source Code against Unauthorized Training Usage with Data Poisoning".

CoProtector Code for the prototype tool in our paper "CoProtector: Protect Open-Source Code against Unauthorized Training Usage with Data Poisoning".

Zhensu Sun 1 Oct 26, 2021
Low-code/No-code approach for deep learning inference on devices

EzEdgeAI A concept project that uses a low-code/no-code approach to implement deep learning inference on devices. It provides a componentized framewor

On-Device AI Co., Ltd. 7 Apr 5, 2022
Code for all the Advent of Code'21 challenges mostly written in python

Advent of Code 21 Code for all the Advent of Code'21 challenges mostly written in python. They are not necessarily the best or fastest solutions but j

null 4 May 26, 2022
Code to use Augmented Shapiro Wilks Stopping, as well as code for the paper "Statistically Signifigant Stopping of Neural Network Training"

This codebase is being actively maintained, please create and issue if you have issues using it Basics All data files are included under losses and ea

J K Terry 32 Nov 9, 2021
Opinionated code formatter, just like Python's black code formatter but for Beancount

beancount-black Opinionated code formatter, just like Python's black code formatter but for Beancount Try it out online here Features MIT licensed - b

Launch Platform 16 Oct 11, 2022
a delightful machine learning tool that allows you to train, test and use models without writing code

igel A delightful machine learning tool that allows you to train/fit, test and use models without writing code Note I'm also working on a GUI desktop

Nidhal Baccouri 3k Jan 5, 2023
Pytorch Lightning code guideline for conferences

Deep learning project seed Use this seed to start new deep learning / ML projects. Built in setup.py Built in requirements Examples with MNIST Badges

Pytorch Lightning 1k Jan 2, 2023
Automatically Build Multiple ML Models with a Single Line of Code. Created by Ram Seshadri. Collaborators Welcome. Permission Granted upon Request.

Auto-ViML Automatically Build Variant Interpretable ML models fast! Auto_ViML is pronounced "auto vimal" (autovimal logo created by Sanket Ghanmare) N

AutoViz and Auto_ViML 397 Dec 30, 2022
Code samples for my book "Neural Networks and Deep Learning"

Code samples for "Neural Networks and Deep Learning" This repository contains code samples for my book on "Neural Networks and Deep Learning". The cod

Michael Nielsen 13.9k Dec 26, 2022
Code for: https://berkeleyautomation.github.io/bags/

DeformableRavens Code for the paper Learning to Rearrange Deformable Cables, Fabrics, and Bags with Goal-Conditioned Transporter Networks. Here is the

Daniel Seita 121 Dec 30, 2022
Code for our method RePRI for Few-Shot Segmentation. Paper at http://arxiv.org/abs/2012.06166

Region Proportion Regularized Inference (RePRI) for Few-Shot Segmentation In this repo, we provide the code for our paper : "Few-Shot Segmentation Wit

Malik Boudiaf 138 Dec 12, 2022
Applications using the GTN library and code to reproduce experiments in "Differentiable Weighted Finite-State Transducers"

gtn_applications An applications library using GTN. Current examples include: Offline handwriting recognition Automatic speech recognition Installing

Facebook Research 68 Dec 29, 2022