数据沙盘>> torchadver>> 返回
项目作者: nebula-beta

项目描述 :
A PyTorch Toolbox for creating adversarial examples that fool neural networks.
高级语言: Python
项目地址: git://github.com/nebula-beta/torchadver.git
创建时间: 2019-08-02T14:30:28Z
项目社区:https://github.com/nebula-beta/torchadver
开源协议:
下载


Introduction

torchadver is a Pytorch tool box for generating adversarial images. The basic adversarial attack are implemented. Such as FSGM, I-FGSM, MI-FGSM, M-DI-FGSM, C&W .etc.

Installation

How to Use

The brief attack process is shown below. More detailed process introduction you can refer to ./examples/toturial.py.

Generate adversarial images by satisfy L2 norm

Non-targeted attack

  1. from torchadver.attacker.iterative_gradient_attack import FGM_L2, I_FGM_L2, MI_FGM_L2, M_DI_FGM_L2
  4. mean = [0.5, 0.5, 0.5]
  5. std = [0.5, 0.5, 0.5]
  7. # images normalized by mean and std
  8. images, labels = ...
  9. model = ...
  11. # use mean and std to determine effective range of pixel of image in channels.
  12. attacker = FGM_L2(model, loss_fn=nn.CrossEntropyLoss(),
  13.                   mean=mean, std=std, 
  14.                   max_norm=4.0, # L2 norm bound
  15.                   random_init=True)
  17. # for non-targeted attack
  18. adv_images = attacker.attack(images, labels) # or adv_images = attacker.attack(images)

Targeted attack

  1. from torchadver.attacker.iterative_gradient_attack import FGM_L2, I_FGM_L2, MI_FGM_L2, M_DI_FGM_L2
  4. mean = [0.5, 0.5, 0.5]
  5. std = [0.5, 0.5, 0.5]
  7. # images normalized by mean and std
  8. images, labels = ...
  9. model = ...
  10. targeted_labels = ...
  12. # use mean and std to determine effective range of pixel of image in channels.
  13. attacker = FGM_L2(model, loss_fn=nn.CrossEntropyLoss(),
  14.                   mean=mean, std=std, 
  15.                   max_norm=4.0, # L2 norm bound
  16.                   random_init=True)
  18. # for non-targeted attack
  19. adv_images = attacker.attack(images, targeted_labels)

Generate adversarial images by satisfy Linf norm

Non-targeted attack

  1. from torchadver.attacker.iterative_gradient_attack import FGM_LInf, I_FGM_LInf, MI_FGM_LInf, M_DI_FGM_LInf
  4. mean = [0.5, 0.5, 0.5]
  5. std = [0.5, 0.5, 0.5]
  7. # images normalized by mean and std
  8. images, labels = ...
  9. model = ...
  11. # use mean and std to determine effective range of pixel of image in channels.
  12. attacker = FGM_L2(model, loss_fn=nn.CrossEntropyLoss(),
  13.                  mean=mean, std=std,
  14.                  max_norm=0.1, # Linf norm bound
  15.                  random_init=True)
  17. # for non-targeted attack
  18. adv_images = attacker.attack(images, labels) # or adv_images = attacker.attack(images)

Targeted attack

  1. from torchadver.attacker.iterative_gradient_attack import FGM_LInf, I_FGM_LInf, MI_FGM_LInf, M_DI_FGM_LInf
  4. mean = [0.5, 0.5, 0.5]
  5. std = [0.5, 0.5, 0.5]
  7. # images normalized by mean and std
  8. images, labels = ...
  9. model = ...
  10. targeted_labels = ...
  12. # use mean and std to determine effective range of pixel of image in channels.
  13. attacker = FGM_L2(model, loss_fn=nn.CrossEntropyLoss(),
  14.                  mean=mean, std=std,
  15.                  max_norm=0.1, # Linf norm bound
  16.                  random_init=True, targeted=True)
  18. # for non-targeted attack
  19. adv_images = attacker.attack(images, targeted_labels)

Citations

More information about adversarial attack about deep learning, refer to awesome-adversarial-deep-learning.