This is the companion code for the paper "Meta-Learning the Search Distribution of Black-Box Random Search Based Adversarial Attacks" by Yatsura et al. published in NeurIPS 2021. The code allows the users to reproduce and extend the results reported in the study. Please cite the above paper when reporting, reproducing or extending the results.
This software is a research prototype, solely developed for and published as part of the publication. It will neither be maintained nor monitored in any way.
The script meta_learned_square_attack/main.py can be used for both meta-training and evaluation. When no training is required i. e. we
run the attack in evaluation mode, use command line flag --test
Examples:
Meta-training the controllers:
python meta_learned_square_attack/main.py --model resnet18 --n_images 1000 --n_iter 1000 --n_epochs 10 --bs 100 --meta_lr 0.03 --color mlp --step_size mlp --meta_schedule cosine --p 0.8 --loss ce --update_threshold 0 --relaxed_squares --momentum 0.99 --temperature 1 --seed 0 --n_hidden 2 --hidden_size 10
Evaluation on CIFAR10 robustbench models:
python meta_learned_square_attack/main.py --model Ding2020MMA --n_images 1000 --n_iter 5000 --n_epochs 1 --bs -1 --color controllers/color_controller.pkl --step_size controllers/step_size_controller.pkl --meta_schedule cosine --loss margin --test --seed 0
Evaluation on ImageNet robustness models:
python meta_learned_square_attack/main_imagenet.py --datapath <PATH_TO_IMAGENET> --model resnet18 --model_dir <PATH_TO_A_PRETRAINED_MODEL> --n_images 1000 --n_iter 5000 --n_epochs 1 --bs 1000 --color controllers/color_controller.pkl --step_size controllers/step_size_controller.pkl --loss margin --test --seed 0
META-RS is open-sourced under the AGPL-3.0 license. See the LICENSE file for details.