Skip to content

anishathalye/pixel-deflection

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
1 branch 0 tags
Code
This branch is 7 commits ahead of carlini:master.

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
images
 
 
maps
 
 
originals
 
 
README.md
 
 
demo.ipynb
 
 
imagenet_labels.json
 
 
main.py
 
 
methods.py
 
 
model_robustml.py
 
 
robustml_attack.py
 
 
utils.py
 
 
Deflecting Adversarial Attacks with Pixel Deflection Citation robustml evaluation Credits

README.md

Deflecting Adversarial Attacks with Pixel Deflection

The code in this repository demonstrates that Deflecting Adversarial Attacks with Pixel Deflection (Prakash et al. 2018) is ineffective in the white-box threat model.

With an L-infinity perturbation of 4/255, we generate targeted adversarial examples with 97% success rate, and can reduce classifier accuracy to 0%.

See our note for more context and details.

Citation

@unpublished{cvpr2018breaks,
  author = {Anish Athalye and Nicholas Carlini},
  title = {On the Robustness of the CVPR 2018 White-Box Adversarial Example Defenses},
  year = {2018},
  url = {https://arxiv.org/abs/1804.03286},
}

robustml evaluation

Run with:

python robustml_attack.py --imagenet-path <path>

Credits

Thanks to Nicholas Carlini for implementing the break and Dimitris Tsipras for writing the robustml model wrapper.

About

Deflecting Adversarial Attacks with Pixel Deflection (security analysis)

arxiv.org/abs/1804.03286

Resources

Readme
Activity

Stars

2 stars

Watchers

4 watching

Forks

21 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Jupyter Notebook 99.5%
  • Python 0.5%