Skip to content
master
Go to file
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 

README.md

Targeted-Adversarial-Attack

Introduction

This repository contains the code for the top-1 submission to NIPS 2017: Targeted Adversarial Attacks Competition.

Method

We use the momentum iterative method to generate adversarial examples. We summarize our algorithm in Boosting Adversarial Attacks with Momentum (CVPR 2018, Spotlight).

We notice that targeted attacks have little transferability. The finding is drawn not only from our experiments but also from other submissions to this competition. We think that it's hard to find transferable adversarial examples for the ImageNet dataset with a large number of classes (i.e., 1000), because the decision boundary between two classes may not exhibit the same properties for different models.

Citation

If you use momentum iterative method for attacks in your research, please consider citing

@inproceedings{dong2018boosting,
  title={Boosting Adversarial Attacks with Momentum},
  author={Dong, Yinpeng and Liao, Fangzhou and Pang, Tianyu and Su, Hang and Zhu, Jun and Hu, Xiaolin and Li, Jianguo},
  booktitle={Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition},
  year={2018}
}

Implementation

Models

The models can be downloaded here.

If you want to attack other models, you can replace the model definition part to your own models.

Cleverhans

We also implement this method in Cleverhans.

Non-targered Attacks

Please find the non-targeted attacks at https://github.com/dongyp13/Non-Targeted-Adversarial-Attacks.

About

A targeted adversarial attack method, which won the NIPS 2017 targeted adversarial attacks competition

Topics

Resources

License

Releases

No releases published

Packages

No packages published
You can’t perform that action at this time.