Skip to content
master
Switch branches/tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Regional Homogeneity: Towards Learning Transferable Universal Adversarial Perturbations Against Defenses

Introduction

This repository contains the code for paper Regional Homogeneity: Towards Learning Transferable Universal Adversarial Perturbations Against Defenses. This paper shows that a simple universal perturbation can fool a series of state-of-the-art defenses.

Usage

Dependencies

  • Anaconda
  • Python3.6
  • Tensorflow 1.10.0
  • Tensorpack 0.9.0.1
  • easydict
  • scipy
  • pillow

Here is a sample scrip to install Dependencies after you have Anaconda.

conda create -n python3 python=3.6
source activate python3
pip install --upgrade tensorflow-gpu
pip install --upgrade git+https://github.com/tensorpack/tensorpack.git
pip install easydict
conda install -c anaconda scipy
pip install pillow

Dataset and model checkpoints

We use images from ImageNet LSVRC 2012 Validation Set and resized them to 299x299. You can download the preprocessed images HERE if you accept the terms.

We support generate adversarial examples with 3 clean trained models (Inception-{v3, v4}, Inception-Resnet-v2), and evaluate them by 3 ensemble adversarial trained models (ens3_inception_v3, ens4_inception_v3, ens_inception_resnet_v2). We will release more defense models that are mentioned in the paper. We original download them from here and here and then slightly modified the tensor name. You can download the modified checkpoints from HERE.

After download them, edit and use data/link_to_data.sh to build soft link data/checkpoints and data/val_data by

bash data/link_to_data.sh

We assign every network with an id, so that they can be shortly mentioned in one character. Here is a table to provide ids for each network. You can see line 69 to 70 of config.py for more details.

ID 0 1 2
Networks for Training IncV3 IncV4 IncRes
Networks for Evaluation Ens3IncV3 Ens4IncV3 EnsIncRes

Train, Attack and Eval

python train.py                          # train based on IncV3
python attack.py --GPU_ID 0              # attack
python eval.py --GPU_ID 0                # evaluate
python attack.py --universal --GPU_ID 0  # universal attack  
python eval.py --universal --GPU_ID 0    # evaluate

If you find the code useful, please consider citing the following paper.

@article{li2019regional,
  title={Regional Homogeneity: Towards Learning Transferable Universal Adversarial Perturbations Against Defenses},
  author={Li, Yingwei and Bai, Song and Xie, Cihang and Liao, Zhenyu and Shen, Xiaohui and Yuille, Alan},
  journal={arXiv preprint arXiv:1904.00979},
  year={2019}
}

If you encounter any problems or have any inquiries, please contact us at yingwei.li@jhu.edu.

About

Source code for Regional Homogeneity: Towards Learning Transferable Universal Adversarial Perturbations Against Defenses (ECCV 2020)

Resources

License

Releases

No releases published

Packages

No packages published