🛡 torchattack - A set of adversarial attacks in PyTorch.

Install from GitHub source -

python -m pip install git+https://github.com/spencerwooo/torchattack@v1.0.1

Install from Gitee mirror -

python -m pip install git+https://gitee.com/spencerwoo/torchattack@v1.0.1

Usage

import torch

device = torch.device('cuda' if torch.cuda.is_available() else 'cpu')

Load a pretrained model to attack from either torchvision or timm.

from torchattack import AttackModel

# Load a model with `AttackModel`
model = AttackModel.from_pretrained(model_name='resnet50', device=device)
# `AttackModel` automatically attaches the model's `transform` and `normalize` functions
transform, normalize = model.transform, model.normalize

# Additionally, to explicitly specify where to load the pretrained model from (timm or torchvision),
# prepend the model name with 'timm/' or 'tv/' respectively, or use the `from_timm` argument, e.g.
vit_b16 = AttackModel.from_pretrained(model_name='timm/vit_base_patch16_224', device=device)
inception_v3 = AttackModel.from_pretrained(model_name='tv/inception_v3', device=device)
pit_b = AttackModel.from_pretrained(model_name='pit_b_224', device=device, from_timm=True)

Initialize an attack by importing its attack class.

from torchattack import FGSM, MIFGSM

# Initialize an attack
attack = FGSM(model, normalize, device)

# Initialize an attack with extra params
attack = MIFGSM(model, normalize, device, eps=0.03, steps=10, decay=1.0)

Initialize an attack by its name with create_attack().

from torchattack import create_attack

# Initialize FGSM attack with create_attack
attack = create_attack('FGSM', model, normalize, device)

# Initialize PGD attack with specific eps with create_attack
attack = create_attack('PGD', model, normalize, device, eps=0.03)

# Initialize MI-FGSM attack with extra args with create_attack
attack_cfg = {'steps': 10, 'decay': 1.0}
attack = create_attack('MIFGSM', model, normalize, device, eps=0.03, attack_cfg=attack_cfg)

Check out torchattack.eval.runner for a full example.
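
To show what the `eps`, `steps` and `decay` arguments above control, here is an added sketch (not torchattack code and not from its author) of the MI-FGSM update in plain Python, used to compare clean and robust accuracy under an $\ell_\infty$ budget. The toy linear classifier, the sample points and all helper names are constructed assumptions.

```python
import math

# Constructed toy model and data (assumptions, not from torchattack).
W, B = [2.0, -1.0, 0.5], -0.6
DATA = [([0.9, 0.2, 0.5], 1), ([0.1, 0.8, 0.3], 0),
        ([0.4, 0.2, 0.1], 1), ([0.25, 0.1, 0.3], 0)]

def logit(x):
    return sum(w * xi for w, xi in zip(W, x)) + B

def predict(x):
    return 1 if logit(x) > 0 else 0

def loss_grad(x, y):
    """Gradient of binary cross-entropy w.r.t. the input x."""
    p = 1.0 / (1.0 + math.exp(-logit(x)))
    return [(p - y) * w for w in W]

def mifgsm(x, y, eps=0.03, steps=10, decay=1.0):
    """MI-FGSM: momentum-accumulated sign steps, projected to the eps ball."""
    alpha = eps / steps              # per-step size
    g = [0.0] * len(x)               # momentum buffer
    x_adv = list(x)
    for _ in range(steps):
        grad = loss_grad(x_adv, y)
        l1 = sum(abs(v) for v in grad) or 1.0   # L1-normalise the gradient
        g = [decay * gi + v / l1 for gi, v in zip(g, grad)]
        for i, gi in enumerate(g):
            step = alpha * ((gi > 0) - (gi < 0))
            # Project onto the l_inf ball around x, then onto the valid range [0, 1].
            xi = min(max(x_adv[i] + step, x[i] - eps), x[i] + eps)
            x_adv[i] = min(max(xi, 0.0), 1.0)
    return x_adv

def accuracy(samples):
    return sum(predict(x) == y for x, y in samples) / len(samples)

def robust_accuracy(eps=0.03):
    """Accuracy on the perturbed copies of DATA; compare with accuracy(DATA)."""
    return accuracy([(mifgsm(x, y, eps=eps), y) for x, y in DATA])

if __name__ == "__main__":
    print("clean accuracy :", accuracy(DATA))
    print("robust accuracy:", robust_accuracy())
```

The two samples that sit close to the decision boundary are the ones that flip within the 0.03 budget, which is the gap a robustness evaluation is meant to surface.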

Attacks

Gradient-based attacks:

| Name | $\ell_p$ | Publication | Paper (Open Access) | Class Name |
| --- | --- | --- | --- | --- |
| FGSM | $\ell_\infty$ | ICLR 2015 | Explaining and Harnessing Adversarial Examples | FGSM |
| PGD | $\ell_\infty$ | ICLR 2018 | Towards Deep Learning Models Resistant to Adversarial Attacks | PGD |
| PGD (L2) | $\ell_2$ | ICLR 2018 | Towards Deep Learning Models Resistant to Adversarial Attacks | PGDL2 |
| MI-FGSM | $\ell_\infty$ | CVPR 2018 | Boosting Adversarial Attacks with Momentum | MIFGSM |
| DI-FGSM | $\ell_\infty$ | CVPR 2019 | Improving Transferability of Adversarial Examples with Input Diversity | DIFGSM |
| TI-FGSM | $\ell_\infty$ | CVPR 2019 | Evading Defenses to Transferable Adversarial Examples by Translation-Invariant Attacks | TIFGSM |
| NI-FGSM | $\ell_\infty$ | ICLR 2020 | Nesterov Accelerated Gradient and Scale Invariance for Adversarial Attacks | NIFGSM |
| SI-NI-FGSM | $\ell_\infty$ | ICLR 2020 | Nesterov Accelerated Gradient and Scale Invariance for Adversarial Attacks | SINIFGSM |
| VMI-FGSM | $\ell_\infty$ | CVPR 2021 | Enhancing the Transferability of Adversarial Attacks through Variance Tuning | VMIFGSM |
| VNI-FGSM | $\ell_\infty$ | CVPR 2021 | Enhancing the Transferability of Adversarial Attacks through Variance Tuning | VNIFGSM |
| Admix | $\ell_\infty$ | ICCV 2021 | Admix: Enhancing the Transferability of Adversarial Attacks | Admix |
| FIA | $\ell_\infty$ | ICCV 2021 | Feature Importance-aware Transferable Adversarial Attacks | FIA |
| PNA-PatchOut | $\ell_\infty$ | AAAI 2022 | Towards Transferable Adversarial Attacks on Vision Transformers | PNAPatchOut |
| SSA | $\ell_\infty$ | ECCV 2022 | Frequency Domain Model Augmentation for Adversarial Attack | SSA |
| TGR | $\ell_\infty$ | CVPR 2023 | Transferable Adversarial Attacks on Vision Transformers with Token Gradient Regularization | TGR |
| DeCoWA | $\ell_\infty$ | AAAI 2024 | Boosting Adversarial Transferability across Model Genus by Deformation-Constrained Warping | DeCoWA |
| VDC | $\ell_\infty$ | AAAI 2024 | Improving the Adversarial Transferability of Vision Transformers with Virtual Dense Connection | VDC |

Others:

| Name | $\ell_p$ | Publication | Paper (Open Access) | Class Name |
| --- | --- | --- | --- | --- |
| DeepFool | $\ell_2$ | CVPR 2016 | DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks | DeepFool |
| GeoDA | $\ell_\infty$, $\ell_2$ | CVPR 2020 | GeoDA: A Geometric Framework for Black-box Adversarial Attacks | GeoDA |
| SSP | $\ell_\infty$ | CVPR 2020 | A Self-supervised Approach for Adversarial Robustness | SSP |

Development

# Create a virtual environment
python -m venv .venv
source .venv/bin/activate

# Install deps with dev extras
python -m pip install -r requirements.txt
python -m pip install -e ".[dev]"

License

MIT

Related