Skip to content
Switch branches/tags
Go to file

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time

SMGEA: Serial-Mini-Group-Ensemble-Attack

SMGEA is a new Black-Box Adversarial Attack against various Pixel-to-Pixel Tasks, such as Saliency Detection, Depth Estimation, Image Translation, etc. This code repository is an Open-Source Toolbox based on Pytorch Platform.

A preliminary version of this repository has been accepted by AAAI2020: ‘‘A New Ensemble Adversarial Attack Powered by Long-term Gradient Memories’’

We provide 3 visualizations (GIF format) for your reference.

Each GIF contains two parts:

Part-I: In the begining still frames: the upper-left region is the original clean image, the bottom-left region is the ground-truth output of the clean image, the upper-right region is the guide image, the bottom-right region is the ground-truth output of the guide image

Part-II: In the following dynamic frames: the upper-left region is the crafted adversarial example, the upper-right region is the normalized perturbation (obtained by elemen-wise subtraction of clean image and adversarial example, and normalized by min-max normalization for better obvervation). The bottom regions are the outputs of two black-box target models on the crafted adversarial example. The timestamp denotes the iterations.

Visualizations on LSUN'17 Dataset:


Visualizations on Cityspaces Dataset:


Visualizations on Google Satellite Dataset:



  1. Pytorch == 3.5.2

  2. NVIDIA GPU (at least 16GB memory for ensemble attacks!!)

  3. You have to compile the Deformable Convolution Lib by yourself: (Required)

  4. If you want to train/design/enhance the victim models from scratch to defend different attacks in our literature, please visit for more details about model training. These two repositories support each other.

Complete version (including feature-space ensemble, long-term gradient auto-update) of our code will be released after our journal version is accepted, thanks!!!


Adversarial Attack Zoo and Victim Model Zoo for general Pixel-to-Pixel Tasks



No releases published


No packages published