Skip to content
master
Switch branches/tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Linear Region Attack

The Linear Region attack is a powerful white-box adversarial attack that exploits knowledge about the geometry of neural networks to find minimal adversarial perturbations without doing gradient descent.

This repository provides an efficient GPU impelementation of the Linear Region attack. If you find our attack useful or use this code, please cite our paper Scaling up the randomized gradient free adversarial attack reveals overestimation of robustness using established attacks.

BibTeX

@article{croce2019scaling,
  author="Croce, Francesco
  and Rauber, Jonas
  and Hein, Matthias",
  title="Scaling up the Randomized Gradient-Free Adversarial Attack Reveals Overestimation of Robustness Using Established Attacks",
  journal="International Journal of Computer Vision",
  year="2019",
  month="Oct",
  day="03",
  issn="1573-1405",
  doi="10.1007/s11263-019-01213-0",
  url="https://doi.org/10.1007/s11263-019-01213-0"
}

Requirements

This impelementation requires Python 3.6 or newer, NumPy and JAX. Before installing JAX, you need to install jaxlib with GPU support:

PYTHON_VERSION=cp36
CUDA_VERSION=cuda100
PLATFORM=linux_x86_64
BASE_URL='https://storage.googleapis.com/jax-wheels'
python3 -m pip install --upgrade $BASE_URL/$CUDA_VERSION/jaxlib-0.1.11-$PYTHON_VERSION-none-$PLATFORM.whl

python3 -m pip install --upgrade jax

For details regarding the installation of JAX, please check the JAX readme.

We have successfully used Python 3.6, NumPy 1.16, JAX 0.1.21 and jaxlib 0.1.11.

Usage

To run the attack on a 10-layer convnet trained on CIFAR10 for the first image in the CIFAR-10 test set, just run this:

./main.py cifar_convnet --regions 40  # just for illustration; we recommend more regions, e.g. 400

Note: To run the example, you need CIFAR-10:

wget http://www.cs.toronto.edu/~kriz/cifar-10-python.tar.gz
tar -zxvf cifar-10-python.tar.gz

About

A powerful white-box adversarial attack that exploits knowledge about the geometry of neural networks to find minimal adversarial perturbations without doing gradient descent

Topics

Resources

Releases

No releases published

Packages

No packages published

Languages