A powerful white-box adversarial attack that exploits knowledge about the geometry of neural networks to find minimal adversarial perturbations without doing gradient descent
.gitignore
README.rst
examples.py
lr_attack.py
main.py
qpsolver.py
setup.cfg
staxmod.py
utils.py

README.rst

Linear Region Attack

The Linear Region attack is a powerful white-box adversarial attack that exploits knowledge about the geometry of neural networks to find minimal adversarial perturbations without doing gradient descent.

This repository provides an efficient GPU implementation of the Linear Region attack. If you find our attack useful or use this code, please cite our paper "Scaling up the randomized gradient-free adversarial attack reveals overestimation of robustness using established attacks".

BibTeX

@article{croce2019scaling,
  title={Scaling up the randomized gradient-free adversarial attack reveals overestimation of robustness using established attacks},
  author={Francesco Croce and Jonas Rauber and Matthias Hein},
  journal={arXiv preprint arXiv:1903.11359},
  year={2019},
}

Requirements

This implementation requires Python 3.6 or newer, NumPy and JAX. Before installing JAX, you need to install jaxlib with GPU support:

PYTHON_VERSION=cp36
CUDA_VERSION=cuda100
PLATFORM=linux_x86_64
BASE_URL='https://storage.googleapis.com/jax-wheels'
python3 -m pip install --upgrade $BASE_URL/$CUDA_VERSION/jaxlib-0.1.11-$PYTHON_VERSION-none-$PLATFORM.whl

python3 -m pip install --upgrade jax

For details regarding the installation of JAX, please check the JAX readme.

We have successfully used Python 3.6, NumPy 1.16, JAX 0.1.21 and jaxlib 0.1.11.

Usage

To run the attack on a 10-layer convnet trained on CIFAR-10 for the first image in the CIFAR-10 test set, just run this:

./main.py cifar_convnet --regions 40  # just for illustration; we recommend more regions, e.g. 400

Note: To run the example, you need CIFAR-10:

wget http://www.cs.toronto.edu/~kriz/cifar-10-python.tar.gz
tar -zxvf cifar-10-python.tar.gz