Skip to content
Permalink
Browse files

Initial Commit

Initial commit

Update README.md

Update README.md

Update README.md

Update l2.json

Update linf.json

Update l2.json

Update README.md

Update README.md

Update README.md

Update README.md

Update main.py

FixeS

Update main.py
  • Loading branch information...
andrewilyas committed Jan 10, 2019
0 parents commit e50323c13d5beac9a36f28c675ce0deef041e44b
Showing with 483 additions and 0 deletions.
  1. +106 −0 .gitignore
  2. +21 −0 LICENSE
  3. +33 −0 README.md
  4. +13 −0 src/configs/l2.json
  5. +13 −0 src/configs/linf.json
  6. +10 −0 src/configs/nes-l2.json
  7. +10 −0 src/configs/nes-linf.json
  8. +277 −0 src/main.py
@@ -0,0 +1,106 @@
# Byte-compiled / optimized / DLL files
__pycache__/
*.py[cod]
*$py.class

.data/

# C extensions
*.so

# Distribution / packaging
.Python
build/
develop-eggs/
dist/
downloads/
eggs/
.eggs/
lib/
lib64/
parts/
sdist/
var/
wheels/
*.egg-info/
.installed.cfg
*.egg
MANIFEST

# PyInstaller
# Usually these files are written by a python script from a template
# before PyInstaller builds the exe, so as to inject date/other infos into it.
*.manifest
*.spec

# Installer logs
pip-log.txt
pip-delete-this-directory.txt

# Unit test / coverage reports
htmlcov/
.tox/
.coverage
.coverage.*
.cache
nosetests.xml
coverage.xml
*.cover
.hypothesis/
.pytest_cache/

# Translations
*.mo
*.pot

# Django stuff:
*.log
local_settings.py
db.sqlite3

# Flask stuff:
instance/
.webassets-cache

# Scrapy stuff:
.scrapy

# Sphinx documentation
docs/_build/

# PyBuilder
target/

# Jupyter Notebook
.ipynb_checkpoints

# pyenv
.python-version

# celery beat schedule file
celerybeat-schedule

# SageMath parsed files
*.sage.py

# Environments
.env
.venv
env/
venv/
ENV/
env.bak/
venv.bak/

# Spyder project settings
.spyderproject
.spyproject

# Rope project settings
.ropeproject

# mkdocs documentation
/site

# mypy
.mypy_cache/
21 LICENSE
@@ -0,0 +1,21 @@
MIT License

Copyright (c) 2018 Andrew Ilyas

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
@@ -0,0 +1,33 @@
# Prior Convictions: Black-box Adversarial Attacks with Bandits and Priors
This is the code for reproducing the paper "Prior Convictions: Black-box Adversarial Attacks with Bandits and Priors" ([arxiv](https://arxiv.org/abs/1807.07978)) to appear at ICLR 2019. The paper can be cited as follows:

```
@article{IEM2018PriorCB,
title={Prior Convictions: Black-Box Adversarial Attacks with Bandits and Priors},
author={Andrew Ilyas and Logan Engstrom and Aleksander Madry},
journal={ICLR 2019},
year={2018},
url={https://arxiv.org/abs/1807.07978}
}
```

# Results
| | Avg Queries | | Failure Rate | | Avg Queries on NES success | |
|------------------------|-------------|----------|--------------|------------|----------------------------|---------|
| Method | l-inf | l-2 | l-inf | l-2 | l-inf | l-2 |
| NES | 1735 | 2938 | 22.2\% | 34.4\% | 1735 | 2938 |
| Bandits[T] (ours) | 1781 | 2690 | 11.6\% | 30.4\% | 1214 | 2421 |
| __Bandits[TD]__ (ours) | __1117__ | __1858__ | __4.6\%__ | __15.5\%__ | __703__ | __999__ |

# Reproducing the results

## Requirements
- Pytorch (`torch`, `torchvision`) packages
- `argparse` package

The results can be reproduced (with the default hyperparameters) with the following command:
```
python main.py [--nes] [--tiling] --json-config [configs/l2.json | configs/linf.json | configs/linf-nes.json | configs/l2-nes.json]
```

You can run ```python main.py --help``` to see all of the available options/hyperparameters. Although the hyperparameters were tuned for Inception-v3, the attack can by run with the flag `--classifier {inception_v3,resnet50,vgg16_bn}` to attack other classifiers.
@@ -0,0 +1,13 @@
{
"fd_eta": 0.01,
"max_queries": 10000,
"image_lr": 0.5,
"mode": "l2",
"online_lr": 0.1,
"exploration": 0.01,
"epsilon": 5.0,
"batch_size": 500,
"gradient_iters": 1,
"total_images": 10000,
"tile_size": 50
}
@@ -0,0 +1,13 @@
{
"fd_eta": 0.1,
"max_queries": 10000,
"image_lr": 0.01,
"mode": "linf",
"online_lr": 100,
"exploration": 1.0,
"epsilon": 0.05,
"batch_size": 500,
"gradient_iters": 1,
"total_images": 10000,
"tile_size": 50
}
@@ -0,0 +1,10 @@
{
"fd_eta": 0.1,
"max_queries": 10000,
"image_lr": 0.3,
"mode": "l2",
"epsilon": 5.0,
"batch_size": 500,
"gradient_iters": 5,
"total_images": 10000
}
@@ -0,0 +1,10 @@
{
"fd_eta": 0.1,
"max_queries": 10000,
"image_lr": 0.01,
"mode": "linf",
"epsilon": 0.05,
"batch_size": 500,
"gradient_iters": 50,
"total_images": 10000
}

0 comments on commit e50323c

Please sign in to comment.
You can’t perform that action at this time.